Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
J4zGPhVRV3.exe

Overview

General Information

Sample name:J4zGPhVRV3.exe
renamed because original name is a hash value
Original sample name:55cb5fa83a98b9d7cc70cad5fe59f44f8d48956b363df2fbf7ad649b9c4970e5.exe
Analysis ID:1544725
MD5:3bca758ce1d5c3858ac8e10a2a38b514
SHA1:0f9de1a1b10f85941f89dbf603cc587323e2c003
SHA256:55cb5fa83a98b9d7cc70cad5fe59f44f8d48956b363df2fbf7ad649b9c4970e5
Tags:873901exeRemoteManipulatoruser-JAMESWT_MHT
Infos:

Detection

RMSRemoteAdmin
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Changes security center settings (notifications, updates, antivirus, firewall)
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
IP address seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries the installation date of Windows
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Communication To Uncommon Destination Ports
Sigma detected: Use Short Name Path in Command Line
Stores large binary data to the registry
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected RMS RemoteAdmin tool
Yara signature match

Classification

Process Tree

  • System is w10x64
  • svchost.exe (PID: 6772 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 2356 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 1512 cmdline: C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6648 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 5828 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 5832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • J4zGPhVRV3.exe (PID: 2440 cmdline: "C:\Users\user\Desktop\J4zGPhVRV3.exe" MD5: 3BCA758CE1D5C3858AC8E10A2A38B514)
    • Acrobat.exe (PID: 7220 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user~1\AppData\Local\Temp\file.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 7488 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 7696 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1740,i,9168305141304841160,3939740794304371731,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • msiexec.exe (PID: 7276 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user~1\AppData\Local\Temp\winrar.msi" /qn MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7380 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 8180 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 454D404CF2CD6CFC0CCDA935FCCB9601 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • rfusclient.exe (PID: 8384 cmdline: "C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" -msi_copy "C:\Users\user~1\AppData\Local\Temp\winrar.msi" MD5: 2F0D3D1ABD463AC64AA4E743B50AA055)
    • rutserv.exe (PID: 8508 cmdline: "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /silentinstall MD5: 4251BB135CC9A31DD42F0BE1FBC30A86)
    • rutserv.exe (PID: 8556 cmdline: "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -firewall MD5: 4251BB135CC9A31DD42F0BE1FBC30A86)
    • rutserv.exe (PID: 8588 cmdline: "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /start MD5: 4251BB135CC9A31DD42F0BE1FBC30A86)
  • svchost.exe (PID: 7552 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 7788 cmdline: C:\Windows\system32\svchost.exe -k LocalService -s W32Time MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • rutserv.exe (PID: 8624 cmdline: "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -service MD5: 4251BB135CC9A31DD42F0BE1FBC30A86)
    • rutserv.exe (PID: 8684 cmdline: "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -firewall MD5: 4251BB135CC9A31DD42F0BE1FBC30A86)
    • rfusclient.exe (PID: 8720 cmdline: "C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" MD5: 2F0D3D1ABD463AC64AA4E743B50AA055)
      • rfusclient.exe (PID: 3920 cmdline: "C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" /tray MD5: 2F0D3D1ABD463AC64AA4E743B50AA055)
    • rfusclient.exe (PID: 8728 cmdline: "C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" /tray MD5: 2F0D3D1ABD463AC64AA4E743B50AA055)
  • svchost.exe (PID: 2584 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeJoeSecurity_RMSRemoteAdminYara detected RMS RemoteAdmin toolJoe Security
    C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeMALWARE_Win_RemoteUtilitiesRATRemoteUtilitiesRAT RAT payloadditekSHen
    • 0x3a30b0:$s1: rman_message
    • 0x454704:$s3: rms_host_
    • 0x4550bc:$s3: rms_host_
    • 0x818d8c:$s4: rman_av_capture_settings
    • 0x45b888:$s7: _rms_log.txt
    • 0x4c0790:$s8: rms_internet_id_settings
    C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeJoeSecurity_RMSRemoteAdminYara detected RMS RemoteAdmin toolJoe Security
      C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeMALWARE_Win_RemoteUtilitiesRATRemoteUtilitiesRAT RAT payloadditekSHen
      • 0x39f9a8:$s1: rman_message
      • 0x46eaa8:$s3: rms_host_
      • 0x46f460:$s3: rms_host_
      • 0x82c4f4:$s4: rman_av_capture_settings
      • 0x8788cc:$s5: rman_registry_key
      • 0x878918:$s5: rman_registry_key
      • 0x545320:$s6: rms_system_information
      • 0x2f2dac:$s7: _rms_log.txt
      • 0x5046f0:$s8: rms_internet_id_settings

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000010.00000000.1422949051.00000000010D9000.00000002.00000001.01000000.0000000B.sdmpJoeSecurity_RMSRemoteAdminYara detected RMS RemoteAdmin toolJoe Security
        00000018.00000002.3760276212.0000000004DF8000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RMSRemoteAdminYara detected RMS RemoteAdmin toolJoe Security
          00000017.00000002.3745548454.000000000329A000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RMSRemoteAdminYara detected RMS RemoteAdmin toolJoe Security
            00000018.00000002.3748231450.000000000325A000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RMSRemoteAdminYara detected RMS RemoteAdmin toolJoe Security
              00000017.00000002.3745548454.0000000003276000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RMSRemoteAdminYara detected RMS RemoteAdmin toolJoe Security
                Click to see the 9 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                16.0.rfusclient.exe.620000.0.unpackJoeSecurity_RMSRemoteAdminYara detected RMS RemoteAdmin toolJoe Security
                  16.0.rfusclient.exe.620000.0.unpackMALWARE_Win_RemoteUtilitiesRATRemoteUtilitiesRAT RAT payloadditekSHen
                  • 0x3a30b0:$s1: rman_message
                  • 0x454704:$s3: rms_host_
                  • 0x4550bc:$s3: rms_host_
                  • 0x818d8c:$s4: rman_av_capture_settings
                  • 0x45b888:$s7: _rms_log.txt
                  • 0x4c0790:$s8: rms_internet_id_settings

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: Communication To Uncommon Destination Ports
                  Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 111.90.140.51, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: , Initiated: true, ProcessId: , Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 57717
                  Sigma detected: Use Short Name Path in Command Line
                  Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user~1\AppData\Local\Temp\file.pdf", CommandLine: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user~1\AppData\Local\Temp\file.pdf", CommandLine|base64offset|contains: , Image: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, NewProcessName: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, OriginalFileName: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, ParentCommandLine: "C:\Users\user\Desktop\J4zGPhVRV3.exe", ParentImage: C:\Users\user\Desktop\J4zGPhVRV3.exe, ParentProcessId: 2440, ParentProcessName: J4zGPhVRV3.exe, ProcessCommandLine: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user~1\AppData\Local\Temp\file.pdf", ProcessId: 7220, ProcessName: Acrobat.exe
                  Sigma detected: Windows Processes Suspicious Parent Directory
                  Source: Process startedAuthor: vburov: Data: Command: C:\Windows\system32\svchost.exe -k UnistackSvcGroup, CommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup, ProcessId: 6772, ProcessName: svchost.exe

                  Suricata Signatures

                  No Suricata rule has matched

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Multi AV Scanner detection for dropped file
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeReversingLabs: Detection: 26%
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeReversingLabs: Detection: 26%
                  Multi AV Scanner detection for submitted file
                  Source: J4zGPhVRV3.exeReversingLabs: Detection: 47%
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 97.8% probability
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeCode function: 16_2_6C493760 rmsEncEncryptData,16_2_6C493760
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeCode function: 16_2_6C494000 rmsEncRsaPublicDecrypt,memcpy,memcpy,memcpy,16_2_6C494000
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeCode function: 16_2_6C493D30 rmsEncRsaPrivateDecrypt,memcpy,memcpy,memcpy,16_2_6C493D30
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeCode function: 16_2_6C4938C0 rmsEncDecryptData,16_2_6C4938C0
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeCode function: 16_2_6C4942D0 rmsEncRsaPrivateEncrypt,memcpy,memcpy,memcpy,16_2_6C4942D0
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeCode function: 16_2_6C493AE0 rmsEncRsaPublicEncrypt,memcpy,16_2_6C493AE0
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeCode function: 16_2_6C4945A0 rmsEncInitSimpleEncryption,memcpy,memcpy,16_2_6C4945A0
                  Source: rfusclient.exe, 00000010.00000000.1422949051.00000000010D9000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_713197f1-4

                  Compliance

                  barindex
                  Detected unpacking (overwrites its own PE header)
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeUnpacked PE file: 16.2.rfusclient.exe.620000.0.unpack
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\ProgramData\Remote Manipulator System\install.log
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\EULA.rtfJump to behavior
                  Source: J4zGPhVRV3.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: J4zGPhVRV3.exe, 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmp, J4zGPhVRV3.exe, 00000004.00000000.1278503492.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmp
                  Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
                  Source: C:\Windows\System32\svchost.exeFile opened: d:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
                  Source: C:\Windows\System32\svchost.exeFile opened: c:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5840BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,4_2_00007FF69E5840BC
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E59B190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,4_2_00007FF69E59B190
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5AFCA0 FindFirstFileExA,4_2_00007FF69E5AFCA0
                  Source: global trafficTCP traffic: 192.168.2.7:57244 -> 111.90.140.51:8080
                  Source: global trafficTCP traffic: 192.168.2.7:57245 -> 65.21.245.7:8080
                  Source: global trafficTCP traffic: 192.168.2.7:57248 -> 111.90.140.34:5651
                  Source: Joe Sandbox ViewIP Address: 65.21.245.7 65.21.245.7
                  Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.189
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.189
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.189
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.189
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.189
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.189
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.189
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.189
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.189
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.189
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.189
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.51
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.51
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.51
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.51
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.51
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.51
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.51
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.51
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.51
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.51
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.51
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.51
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.34
                  Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                  Source: global trafficDNS traffic detected: DNS query: time.windows.com
                  Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1614665709.0000000001FC7000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2204497712.00000000073A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                  Source: rutserv.exe, 00000015.00000003.2207010706.0000000001FB4000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1614665709.0000000001FAD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3747982904.0000000001FB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/
                  Source: rutserv.exe, 00000015.00000002.3747982904.0000000001FB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3755525600.0000000002031000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
                  Source: rutserv.exe, 00000015.00000003.2510641067.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2416091502.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2480577049.0000000002022000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3753492646.000000000201D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crlmF
                  Source: rutserv.exe, 00000015.00000003.2510641067.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1614665709.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2416091502.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2480577049.0000000002022000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2480577049.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3753492646.000000000201D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl
                  Source: rutserv.exe, 00000015.00000003.1614665709.000000000201D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl.
                  Source: rutserv.exe, 00000015.00000003.2510641067.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1614665709.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2416091502.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2480577049.0000000002022000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3753492646.000000000201D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl/
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2510641067.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2206774620.0000000007352000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2416091502.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2480577049.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3816497054.0000000007350000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3753492646.000000000201D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
                  Source: rutserv.exe, 00000015.00000003.1612834790.00000000073BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crltyD
                  Source: rutserv.exe, 00000015.00000003.2207010706.0000000001FB4000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1614665709.0000000001FAD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3747982904.0000000001FB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/p
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2203008371.0000000002031000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                  Source: svchost.exe, 0000000A.00000002.2755374124.0000020074212000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1614665709.0000000001FC7000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2204497712.00000000073A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                  Source: svchost.exe, 0000000A.00000003.1313129110.0000020074110000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                  Source: rfusclient.exe, 00000010.00000000.1420516401.000000000066F000.00000020.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000000.1464455991.00000000004F1000.00000020.00000001.01000000.0000000D.sdmp, rutserv.exe, 00000015.00000003.1552738592.000000007B750000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1563013943.000000007CC50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://madExcept.comU
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1614665709.0000000001FC7000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2204497712.00000000073A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                  Source: rutserv.exe, 00000015.00000003.2206774620.0000000007352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/
                  Source: rutserv.exe, 00000015.00000003.2206774620.0000000007352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/bX
                  Source: rutserv.exe, 00000015.00000003.1614665709.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2416091502.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2480577049.0000000002022000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3753492646.000000000201D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6N
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                  Source: rutserv.exe, 00000015.00000003.2203008371.0000000002031000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr45http://crl.globalsign.com/codesigningrootr45.crlOF
                  Source: rutserv.exe, 00000015.00000003.2206774620.0000000007352000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2206774620.0000000007360000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1612834790.00000000073BD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3816497054.0000000007360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTLuA3ygnKW%2F7xuSx%2
                  Source: rutserv.exe, 00000015.00000003.2206774620.0000000007360000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3816497054.0000000007360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCUABBTLuA3ygnKW%2F7xuSx%2F0
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2510641067.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2206774620.0000000007352000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2416091502.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2480577049.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3816497054.0000000007350000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3753492646.000000000201D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
                  Source: rutserv.exe, 00000015.00000003.2510641067.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2416091502.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2480577049.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3753492646.000000000201D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca2020http://crl.globalsign.com/gsgccr45codesignca2020.cr
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2203008371.0000000002031000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr30;
                  Source: rutserv.exe, 00000015.00000003.2206774620.0000000007352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr3http://crl.globalsign.com/root-r3.crlbBby
                  Source: rutserv.exe, 00000015.00000002.3747982904.0000000001F48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com:80
                  Source: rutserv.exe, 00000012.00000000.1478283984.00000000019E5000.00000002.00000001.01000000.0000000D.sdmp, rutserv.exe, 00000015.00000002.3800200492.0000000004225000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3800200492.00000000041C8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://rmansys.ru/internet-id/
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
                  Source: rfusclient.exe, 00000010.00000000.1420516401.000000000066F000.00000020.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000000.1464455991.00000000004F1000.00000020.00000001.01000000.0000000D.sdmp, rutserv.exe, 00000015.00000003.1552738592.000000007B750000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1563013943.000000007CC50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3755525600.0000000002031000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2510641067.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2206774620.0000000007352000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2416091502.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2480577049.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3816497054.0000000007350000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3753492646.000000000201D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
                  Source: rutserv.exe, 00000015.00000003.1614665709.0000000002037000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3755525600.0000000002031000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt1.3.6.1.5.5.7.48.1http://ocsp.globalsi
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2203008371.0000000002031000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
                  Source: rfusclient.exe, 00000010.00000000.1422949051.00000000010D9000.00000002.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000000.1478283984.00000000019E5000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
                  Source: svchost.exe, 00000002.00000002.3741897939.0000026853318000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3740763162.0000026852A87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://standards.iso.org/iso/19770/-2/2009/schema.xsd
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0a
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
                  Source: rutserv.exe, 00000012.00000000.1464455991.00000000004F1000.00000020.00000001.01000000.0000000D.sdmpString found in binary or memory: http://update.tektonit.ru/upgrade.ini
                  Source: rutserv.exe, 00000012.00000000.1464455991.00000000004F1000.00000020.00000001.01000000.0000000D.sdmpString found in binary or memory: http://update.tektonit.ru/upgrade_beta.ini
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.flexerasoftware.com0
                  Source: rfusclient.exe, 00000010.00000003.1451319761.0000000003143000.00000004.00001000.00020000.00000000.sdmp, rfusclient.exe, 00000010.00000000.1420516401.0000000000E7D000.00000020.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000003.1498771327.0000000003713000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000012.00000000.1464455991.0000000001471000.00000020.00000001.01000000.0000000D.sdmp, rutserv.exe, 00000013.00000003.1532539824.0000000003C03000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000014.00000003.1578680590.0000000003B53000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3759250551.000000000261C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.indyproject.org/
                  Source: rfusclient.exe, 00000010.00000000.1422949051.00000000010D9000.00000002.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000000.1478283984.00000000019E5000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://www.inkscape.org/namespaces/inkscape
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
                  Source: rutserv.exe, 00000012.00000002.1516529381.000000006C9D7000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
                  Source: rutserv.exe, 00000012.00000002.1516529381.000000006C9D7000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
                  Source: rfusclient.exe, 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmp, rutserv.exe, 00000012.00000002.1516529381.000000006C9D7000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
                  Source: svchost.exe, 0000000A.00000003.1313129110.0000020074169000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
                  Source: svchost.exe, 0000000A.00000003.1313129110.0000020074110000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
                  Source: rutserv.exe, 00000012.00000002.1516529381.000000006C9EF000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: https://gcc.gnu.org/bugsrg/bugs/):
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B25A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rmansys.ru/IS_PREVENT_DOWNGRADE_EXITZ_DOWNGRADE_DETECTED;Z_UPGRADE_DETECTED;COMPANYNAME;INST
                  Source: rutserv.exe, 00000015.00000002.3759250551.000000000261C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://rmansys.ru/remote-access/
                  Source: rutserv.exe, 00000015.00000002.3759250551.000000000261C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://rmansys.ru/remote-access//rmansys.ru/remote-access/
                  Source: rutserv.exe, 00000015.00000002.3759250551.000000000261C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://rmansys.ru/remote-access//rmansys.ru/remote-access/O
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2510641067.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1566536646.0000000001FA5000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2206774620.0000000007352000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3755525600.0000000002031000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2416091502.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2203008371.0000000002031000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2480577049.000000000201D000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3816497054.0000000007350000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3753492646.000000000201D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                  Source: rfusclient.exe, 00000010.00000000.1422949051.00000000010D9000.00000002.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000000.1478283984.00000000019E5000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.remoteutilities.com/about/privacy-policy.php
                  Source: rfusclient.exe, 00000010.00000000.1422949051.00000000010D9000.00000002.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000000.1478283984.00000000019E5000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.remoteutilities.com/buy/money-back-guarantee.php
                  Source: rfusclient.exe, 00000010.00000000.1422949051.00000000010D9000.00000002.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000000.1478283984.00000000019E5000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.remoteutilities.com/support/docs/installing-and-uninstalling/
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1D627669EFC8CD4F21BCF387D97F9B5_E818918BC57803438E0E0146A88425A7Jump to dropped file
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD92F95DED26541D3AF7F44DC7914843Jump to dropped file
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164Jump to dropped file
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A62E94087F64223B9812F11186592BAJump to dropped file
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50385F8EB1F713E33924A830D7A2A41CJump to dropped file

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 16.0.rfusclient.exe.620000.0.unpack, type: UNPACKEDPEMatched rule: RemoteUtilitiesRAT RAT payload Author: ditekSHen
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe, type: DROPPEDMatched rule: RemoteUtilitiesRAT RAT payload Author: ditekSHen
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe, type: DROPPEDMatched rule: RemoteUtilitiesRAT RAT payload Author: ditekSHen
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E57C2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,4_2_00007FF69E57C2F0
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeCode function: 21_2_0096E6AC CreateProcessAsUserW,CreateProcessAsUserW,CreateProcessW,21_2_0096E6AC
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\41737e.msiJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7E5B.tmpJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{827D98D4-CA0D-43D0-8133-225659FBBC61}Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8830.tmpJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\417381.msiJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\417381.msiJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\ARPPRODUCTICON.exeJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exeJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_stop_27D7873393984316BEA10FB36BB4D2F9.exeJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_config_C8E9A92497A149D695F92E4E3AE550F0.exeJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_start_C00864331B9D4391A8A26292A601EBE2.exeJump to behavior
                  Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50385F8EB1F713E33924A830D7A2A41C
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50385F8EB1F713E33924A830D7A2A41C
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1D627669EFC8CD4F21BCF387D97F9B5_E818918BC57803438E0E0146A88425A7
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1D627669EFC8CD4F21BCF387D97F9B5_E818918BC57803438E0E0146A88425A7
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A62E94087F64223B9812F11186592BA
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A62E94087F64223B9812F11186592BA
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD92F95DED26541D3AF7F44DC7914843
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD92F95DED26541D3AF7F44DC7914843
                  Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI7E5B.tmpJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E575E244_2_00007FF69E575E24
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E59CE884_2_00007FF69E59CE88
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E591F204_2_00007FF69E591F20
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5A07544_2_00007FF69E5A0754
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5849284_2_00007FF69E584928
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E57F9304_2_00007FF69E57F930
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E58A4AC4_2_00007FF69E58A4AC
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5934844_2_00007FF69E593484
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E59B1904_2_00007FF69E59B190
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5B20804_2_00007FF69E5B2080
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E592D584_2_00007FF69E592D58
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5A07544_2_00007FF69E5A0754
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E598DF44_2_00007FF69E598DF4
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E58AF184_2_00007FF69E58AF18
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E594B984_2_00007FF69E594B98
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E58BB904_2_00007FF69E58BB90
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E585B604_2_00007FF69E585B60
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5A8C1C4_2_00007FF69E5A8C1C
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5A89A04_2_00007FF69E5A89A0
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5939644_2_00007FF69E593964
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E58C96C4_2_00007FF69E58C96C
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E571AA44_2_00007FF69E571AA4
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E592AB04_2_00007FF69E592AB0
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5AFA944_2_00007FF69E5AFA94
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E581A484_2_00007FF69E581A48
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5B5AF84_2_00007FF69E5B5AF8
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5AC8384_2_00007FF69E5AC838
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5748404_2_00007FF69E574840
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5B25504_2_00007FF69E5B2550
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5776C04_2_00007FF69E5776C0
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5953F04_2_00007FF69E5953F0
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E58B5344_2_00007FF69E58B534
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E58F1804_2_00007FF69E58F180
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5921D04_2_00007FF69E5921D0
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5772884_2_00007FF69E577288
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E58126C4_2_00007FF69E58126C
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E57A3104_2_00007FF69E57A310
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E57C2F04_2_00007FF69E57C2F0
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeCode function: 16_2_6C54685016_2_6C546850
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeCode function: 16_2_6C8D708016_2_6C8D7080
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeCode function: 16_2_6C845AE016_2_6C845AE0
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeCode function: 16_2_6C84580016_2_6C845800
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeCode function: 21_2_0096E6AC21_2_0096E6AC
                  Source: unires_vpd.dll.8.drStatic PE information: Resource name: None type: COM executable for DOS
                  Source: unires_vpd.dll0.8.drStatic PE information: Resource name: None type: COM executable for DOS
                  Source: rutserv.exe.8.drStatic PE information: Resource name: RT_RCDATA type: Zip archive data, at least v2.0 to extract, compression method=deflate
                  Source: rfusclient.exe.8.drStatic PE information: Resource name: RT_STRING type: PDP-11 separate I&D executable not stripped
                  Source: rfusclient.exe.8.drStatic PE information: Resource name: RT_RCDATA type: Zip archive data, at least v2.0 to extract, compression method=deflate
                  Source: unidrvui_rppd.dll0.8.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                  Source: libasset32.dll.8.drStatic PE information: Number of sections : 19 > 10
                  Source: libcodec32.dll.8.drStatic PE information: Number of sections : 20 > 10
                  Source: rutserv.exe.8.drStatic PE information: Number of sections : 11 > 10
                  Source: rfusclient.exe.8.drStatic PE information: Number of sections : 11 > 10
                  Source: unires_vpd.dll0.8.drStatic PE information: No import functions for PE file found
                  Source: unires_vpd.dll.8.drStatic PE information: No import functions for PE file found
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameISRegSvr.dll vs J4zGPhVRV3.exe
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B303000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_IsIcoRes.exe< vs J4zGPhVRV3.exe
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B35A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_IsIcoRes.exe< vs J4zGPhVRV3.exe
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1298816778.00000183794B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsiexec.exe.muiX vs J4zGPhVRV3.exe
                  Source: J4zGPhVRV3.exe, 00000004.00000002.1303027978.00000183794B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsiexec.exe.muiX vs J4zGPhVRV3.exe
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_IsIcoRes.exe< vs J4zGPhVRV3.exe
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B277000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSetAllUsers.dll< vs J4zGPhVRV3.exe
                  Source: J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B3BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_IsIcoRes.exe< vs J4zGPhVRV3.exe
                  Source: 16.0.rfusclient.exe.620000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RemoteUtilitiesRAT author = ditekSHen, description = RemoteUtilitiesRAT RAT payload, clamav_sig = MALWARE.Win.Trojan.RemoteUtilitiesRAT
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe, type: DROPPEDMatched rule: MALWARE_Win_RemoteUtilitiesRAT author = ditekSHen, description = RemoteUtilitiesRAT RAT payload, clamav_sig = MALWARE.Win.Trojan.RemoteUtilitiesRAT
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe, type: DROPPEDMatched rule: MALWARE_Win_RemoteUtilitiesRAT author = ditekSHen, description = RemoteUtilitiesRAT RAT payload, clamav_sig = MALWARE.Win.Trojan.RemoteUtilitiesRAT
                  Source: unires_vpd.dll0.8.drStatic PE information: Section .rsrc
                  Source: unires_vpd.dll.8.drStatic PE information: Section .rsrc
                  Source: classification engineClassification label: mal88.evad.winEXE@48/135@2/5
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E57B6D8 GetLastError,FormatMessageW,LocalFree,4_2_00007FF69E57B6D8
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E598624 FindResourceExW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,4_2_00007FF69E598624
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeCode function: 21_2_00A03498 StartServiceCtrlDispatcherW,21_2_00A03498
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeCode function: 21_2_00A03498 StartServiceCtrlDispatcherW,21_2_00A03498
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - HostJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeMutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$216c
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeMutant created: \Sessions\1\BaseNamedObjects\Local\RManFUSTray
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeMutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$20c0
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeMutant created: NULL
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeMutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$213c
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeMutant created: \Sessions\1\BaseNamedObjects\HookTThread$2218
                  Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5832:120:WilError_03
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeMutant created: \BaseNamedObjects\HookTThread$21b0
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeMutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$218c
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeMutant created: \Sessions\1\BaseNamedObjects\Local\RManFUSLocal
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeMutant created: \BaseNamedObjects\madExceptSettingsMtx$21b0
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeMutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$2218
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeMutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$2210
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeMutant created: \BaseNamedObjects\madExceptSettingsMtx$21ec
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeMutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$f50
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeMutant created: \Sessions\1\BaseNamedObjects\HookTThread$2210
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeFile created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_4287359Jump to behavior
                  Source: J4zGPhVRV3.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeFile read: C:\Windows\win.iniJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: J4zGPhVRV3.exeReversingLabs: Detection: 47%
                  Source: rfusclient.exeString found in binary or memory: ENGINESDIR: "E:/dev/vcpkg/installed/x86-mingw-static/lib/engines-3"
                  Source: rfusclient.exeString found in binary or memory: MODULESDIR: "E:/dev/vcpkg/installed/x86-mingw-static/lib/ossl-modules"
                  Source: rfusclient.exeString found in binary or memory: E:/dev/vcpkg/installed/x86-mingw-static/lib/engines-3
                  Source: rfusclient.exeString found in binary or memory: E:/dev/vcpkg/installed/x86-mingw-static/lib/ossl-modules
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeFile read: C:\Users\user\Desktop\J4zGPhVRV3.exeJump to behavior
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
                  Source: unknownProcess created: C:\Users\user\Desktop\J4zGPhVRV3.exe "C:\Users\user\Desktop\J4zGPhVRV3.exe"
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user~1\AppData\Local\Temp\file.pdf"
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user~1\AppData\Local\Temp\winrar.msi" /qn
                  Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1740,i,9168305141304841160,3939740794304371731,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -s W32Time
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 454D404CF2CD6CFC0CCDA935FCCB9601
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" -msi_copy "C:\Users\user~1\AppData\Local\Temp\winrar.msi"
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /silentinstall
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -firewall
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /start
                  Source: unknownProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -service
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -firewall
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe"
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" /tray
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" /tray
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                  Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenableJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user~1\AppData\Local\Temp\file.pdf"Jump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user~1\AppData\Local\Temp\winrar.msi" /qnJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 454D404CF2CD6CFC0CCDA935FCCB9601Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" -msi_copy "C:\Users\user~1\AppData\Local\Temp\winrar.msi"Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /silentinstallJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -firewallJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /startJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1740,i,9168305141304841160,3939740794304371731,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -firewall
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe"
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" /tray
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" /tray
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: aphostservice.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: networkhelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userdataplatformhelperutil.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mccspal.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vaultcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dmcfgutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dmcmnutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dmxmlhelputils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: inproclogger.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: synccontroller.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: aphostclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: accountaccessor.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dsclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: systemeventsbrokerclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userdatalanguageutil.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mccsengineshared.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cemapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userdatatypehelperutil.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: phoneutil.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: storsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fltlib.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bcd.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: storageusage.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: dxgidebug.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: dwmapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: riched20.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: usp10.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: msls31.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: textinputframework.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: coreuicomponents.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: pcacli.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: w32time.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: logoncli.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: vmictimeprovider.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: oledlg.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: shfolder.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: faultrep.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: dbghelp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: dbgcore.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: ntmarta.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: libasset32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: cryptbase.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: olepro32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: msftedit.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: fwpuclnt.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: idndl.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winhttp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: shfolder.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: msasn1.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: faultrep.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dbghelp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dbgcore.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: ntmarta.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: libasset32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: cryptbase.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: olepro32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: oleacc.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: msimg32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_is2022.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_g18030.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_iscii.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winhttp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: shfolder.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: msasn1.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: faultrep.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dbghelp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dbgcore.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: ntmarta.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: libasset32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: cryptbase.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: olepro32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: oleacc.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: msimg32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_is2022.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_g18030.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_iscii.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: firewallapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dnsapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: fwbase.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: fwpolicyiomgr.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: sxs.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winhttp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: shfolder.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: msasn1.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: faultrep.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dbghelp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dbgcore.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: ntmarta.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: libasset32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: cryptbase.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: olepro32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: oleacc.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: msimg32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_is2022.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_g18030.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_iscii.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winhttp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: shfolder.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: msasn1.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: faultrep.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dbghelp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dbgcore.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: ntmarta.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: libasset32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: cryptbase.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: olepro32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: oleacc.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: msimg32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_is2022.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_g18030.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_iscii.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: fwpuclnt.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: idndl.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: msxml6.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: mswsock.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: cryptsp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: rsaenh.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: userenv.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dnsapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: umpdc.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: gpapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: cryptnet.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winnsi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: webio.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: rasadhlp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winhttp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: shfolder.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: msasn1.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: faultrep.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dbghelp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dbgcore.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: ntmarta.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: libasset32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: cryptbase.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: olepro32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: oleacc.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: msimg32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_is2022.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_g18030.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: c_iscii.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: firewallapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: dnsapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: fwbase.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: fwpolicyiomgr.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSection loaded: sxs.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: oledlg.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: shfolder.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: faultrep.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: dbghelp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: dbgcore.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: ntmarta.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: libasset32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: cryptbase.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: olepro32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: msftedit.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: fwpuclnt.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: idndl.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: msxml6.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: userenv.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: oledlg.dll
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSection loaded: wtsapi32.dll
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile written: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppd.iniJump to behavior
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: J4zGPhVRV3.exeStatic PE information: Image base 0x140000000 > 0x60000000
                  Source: J4zGPhVRV3.exeStatic file information: File size 25298721 > 1048576
                  Source: J4zGPhVRV3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: J4zGPhVRV3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: J4zGPhVRV3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: J4zGPhVRV3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: J4zGPhVRV3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: J4zGPhVRV3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: J4zGPhVRV3.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: J4zGPhVRV3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: J4zGPhVRV3.exe, 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmp, J4zGPhVRV3.exe, 00000004.00000000.1278503492.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmp
                  Source: J4zGPhVRV3.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: J4zGPhVRV3.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: J4zGPhVRV3.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: J4zGPhVRV3.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: J4zGPhVRV3.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                  Data Obfuscation

                  barindex
                  Detected unpacking (overwrites its own PE header)
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeUnpacked PE file: 16.2.rfusclient.exe.620000.0.unpack
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeFile created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_4287359Jump to behavior
                  Source: J4zGPhVRV3.exeStatic PE information: section name: .didat
                  Source: J4zGPhVRV3.exeStatic PE information: section name: _RDATA
                  Source: eventmsg.dll.8.drStatic PE information: section name: .didata
                  Source: webmvorbisencoder.dll.8.drStatic PE information: section name: _RDATA
                  Source: vp8encoder.dll.8.drStatic PE information: section name: .rodata
                  Source: vp8decoder.dll.8.drStatic PE information: section name: .rodata
                  Source: webmvorbisdecoder.dll.8.drStatic PE information: section name: _RDATA
                  Source: libasset32.dll.8.drStatic PE information: section name: /4
                  Source: libasset32.dll.8.drStatic PE information: section name: /14
                  Source: libasset32.dll.8.drStatic PE information: section name: /29
                  Source: libasset32.dll.8.drStatic PE information: section name: /41
                  Source: libasset32.dll.8.drStatic PE information: section name: /55
                  Source: libasset32.dll.8.drStatic PE information: section name: /67
                  Source: libasset32.dll.8.drStatic PE information: section name: /78
                  Source: libasset32.dll.8.drStatic PE information: section name: /94
                  Source: libasset32.dll.8.drStatic PE information: section name: /110
                  Source: libcodec32.dll.8.drStatic PE information: section name: .rodata
                  Source: libcodec32.dll.8.drStatic PE information: section name: /4
                  Source: libcodec32.dll.8.drStatic PE information: section name: /14
                  Source: libcodec32.dll.8.drStatic PE information: section name: /29
                  Source: libcodec32.dll.8.drStatic PE information: section name: /41
                  Source: libcodec32.dll.8.drStatic PE information: section name: /55
                  Source: libcodec32.dll.8.drStatic PE information: section name: /67
                  Source: libcodec32.dll.8.drStatic PE information: section name: /78
                  Source: libcodec32.dll.8.drStatic PE information: section name: /94
                  Source: libcodec32.dll.8.drStatic PE information: section name: /110
                  Source: vccorlib120.dll.8.drStatic PE information: section name: minATL
                  Source: rutserv.exe.8.drStatic PE information: section name: .didata
                  Source: rfusclient.exe.8.drStatic PE information: section name: .didata
                  Source: vccorlib120.dll0.8.drStatic PE information: section name: minATL
                  Source: eventmsg.dll.21.drStatic PE information: section name: .didata
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5B5156 push rsi; retf 4_2_00007FF69E5B5157
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5B5166 push rsi; retf 4_2_00007FF69E5B5167
                  Source: VPDAgent.exe.8.drStatic PE information: section name: .text entropy: 6.812931691200469
                  Source: msvcr120.dll.8.drStatic PE information: section name: .text entropy: 6.95576372950548
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\VPDAgent.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7E5B.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\msvcr120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unidrv_rppd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\emf2pdf.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_stop_27D7873393984316BEA10FB36BB4D2F9.exeJump to dropped file
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\ProgramData\Remote Manipulator System\eventmsg.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\ARPPRODUCTICON.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\webmmux.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unidrvui_rppd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unires_vpd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppdpm.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\msvcr120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppdui.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\libasset32.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\setupdrv.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\vccorlib120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unidrv_rppd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\webmvorbisencoder.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\vpd_sdk.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_config_C8E9A92497A149D695F92E4E3AE550F0.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\vccorlib120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\progressbar.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\setupdrv.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppdpm.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_start_C00864331B9D4391A8A26292A601EBE2.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\fwproc.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\MessageBox.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\libcodec32.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\msvcp120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\properties.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\eventmsg.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\vp8decoder.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\webmvorbisdecoder.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\vpdisp.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unidrvui_rppd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\pdfout.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unires_vpd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\srvinst.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\msvcp120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\vp8encoder.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppdui.dllJump to dropped file
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\ProgramData\Remote Manipulator System\eventmsg.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7E5B.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_start_C00864331B9D4391A8A26292A601EBE2.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_stop_27D7873393984316BEA10FB36BB4D2F9.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\ARPPRODUCTICON.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_config_C8E9A92497A149D695F92E4E3AE550F0.exeJump to dropped file
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeFile created: C:\ProgramData\Remote Manipulator System\install.log
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Remote Manipulator System - Host\EULA.rtfJump to behavior
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Remote Manipulator System - host\Remote Manipulator System - host service
                  Source: C:\Windows\System32\svchost.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeCode function: 21_2_00A03498 StartServiceCtrlDispatcherW,21_2_00A03498
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeRegistry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                  Source: C:\Windows\System32\msiexec.exeKey value created or modified: HKEY_LOCAL_MACHINE\SYSTEM\RMS Host Installer SecurityJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  barindex
                  Query firmware table information (likely to detect VMs)
                  Source: C:\Windows\System32\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSystem information queried: FirmwareTableInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSystem information queried: FirmwareTableInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSystem information queried: FirmwareTableInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSystem information queried: FirmwareTableInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSystem information queried: FirmwareTableInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeSystem information queried: FirmwareTableInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSystem information queried: FirmwareTableInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSystem information queried: FirmwareTableInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeSystem information queried: FirmwareTableInformation
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Source: rutserv.exe, 00000012.00000000.1464455991.0000000000EF1000.00000020.00000001.01000000.0000000D.sdmp, rutserv.exe, 00000014.00000002.1613537037.0000000002148000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXE
                  Source: rutserv.exe, 00000012.00000002.1504952203.0000000001C28000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000014.00000002.1613537037.0000000002148000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXEE
                  Source: rutserv.exe, 00000012.00000002.1504952203.0000000001C28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXE
                  Source: rutserv.exe, 00000012.00000002.1504952203.0000000001C28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXE9
                  Source: C:\Windows\System32\svchost.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeWindow / User API: threadDelayed 1576
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeWindow / User API: threadDelayed 1747
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeWindow / User API: threadDelayed 3038
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeWindow / User API: threadDelayed 9535
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\VPDAgent.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI7E5B.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unidrv_rppd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\msvcr120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\emf2pdf.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_stop_27D7873393984316BEA10FB36BB4D2F9.exeJump to dropped file
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeDropped PE file which has not been started: C:\ProgramData\Remote Manipulator System\eventmsg.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\webmmux.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\ARPPRODUCTICON.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unidrvui_rppd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppdpm.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unires_vpd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\msvcr120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppdui.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\setupdrv.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\vccorlib120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unidrv_rppd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\webmvorbisencoder.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\vpd_sdk.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_config_C8E9A92497A149D695F92E4E3AE550F0.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\vccorlib120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\progressbar.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\setupdrv.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppdpm.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_start_C00864331B9D4391A8A26292A601EBE2.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\fwproc.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\MessageBox.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\msvcp120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\libcodec32.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\eventmsg.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\properties.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\vp8decoder.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\webmvorbisdecoder.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\vpdisp.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unidrvui_rppd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unires_vpd.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\pdfout.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\srvinst.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\msvcp120.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\vp8encoder.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppdui.dllJump to dropped file
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeAPI coverage: 1.4 %
                  Source: C:\Windows\System32\svchost.exe TID: 7640Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\svchost.exe TID: 7660Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe TID: 8656Thread sleep count: 1576 > 30
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe TID: 8656Thread sleep time: -1576000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe TID: 8680Thread sleep time: -50000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe TID: 8752Thread sleep time: -180000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe TID: 8772Thread sleep time: -60000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe TID: 8736Thread sleep count: 1747 > 30
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe TID: 8904Thread sleep time: -60000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe TID: 8628Thread sleep count: 40 > 30
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe TID: 8628Thread sleep count: 51 > 30
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe TID: 8628Thread sleep count: 40 > 30
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe TID: 8656Thread sleep count: 3038 > 30
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe TID: 8656Thread sleep time: -3038000s >= -30000s
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe TID: 9036Thread sleep time: -4767500s >= -30000s
                  Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\Windows\System32 FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5840BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,4_2_00007FF69E5840BC
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E59B190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,4_2_00007FF69E59B190
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5AFCA0 FindFirstFileExA,4_2_00007FF69E5AFCA0
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5A16A4 VirtualQuery,GetSystemInfo,4_2_00007FF69E5A16A4
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeThread delayed: delay time: 50000
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeThread delayed: delay time: 60000
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeThread delayed: delay time: 60000
                  Source: svchost.exe, 0000000A.00000002.2747249915.000002006EC2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW l%t
                  Source: rfusclient.exe, 00000010.00000002.1454050125.000000000178C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllw
                  Source: svchost.exe, 00000001.00000002.3737049606.0000022CEE24E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                  Source: svchost.exe, 00000001.00000002.3736668443.0000022CEE238000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: rutserv.exe, 00000012.00000000.1478283984.00000000015A8000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: +YQEmU0
                  Source: svchost.exe, 00000001.00000002.3738500353.0000022CEE285000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: svchost.exe, 00000001.00000002.3736668443.0000022CEE22B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: svchost.exe, 00000001.00000002.3738141196.0000022CEE265000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000g
                  Source: svchost.exe, 0000000A.00000002.2755702839.0000020074254000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2206774620.0000000007352000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3747982904.0000000001F48000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.2207010706.0000000001F7A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: svchost.exe, 00000001.00000002.3736339596.0000022CEE200000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
                  Source: svchost.exe, 00000001.00000002.3736668443.0000022CEE22B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &@\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                  Source: svchost.exe, 00000001.00000002.3739147823.0000022CEE302000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: svchost.exe, 00000001.00000002.3737049606.0000022CEE24E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: svchost.exe, 0000000C.00000002.3739280742.000002699A431000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5A76D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF69E5A76D8
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5B0D20 GetProcessHeap,4_2_00007FF69E5B0D20
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /startJump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5A76D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF69E5A76D8
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5A3354 SetUnhandledExceptionFilter,4_2_00007FF69E5A3354
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5A2510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FF69E5A2510
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5A3170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF69E5A3170
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E59B190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,4_2_00007FF69E59B190
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user~1\AppData\Local\Temp\file.pdf"Jump to behavior
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user~1\AppData\Local\Temp\winrar.msi" /qnJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /silentinstallJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe "C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -firewallJump to behavior
                  Source: rfusclient.exe, 00000010.00000000.1420516401.000000000066F000.00000020.00000001.01000000.0000000B.sdmpBinary or memory string: Shell_TrayWndTrayNotifyWndSV
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E58DC70 cpuid 4_2_00007FF69E58DC70
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: GetLocaleInfoW,GetNumberFormatW,4_2_00007FF69E59A2CC
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exeCode function: 21_2_00CFB958 CreateNamedPipeW,ConnectNamedPipe,ReadFile,DisconnectNamedPipe,21_2_00CFB958
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E5A0754 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,4_2_00007FF69E5A0754
                  Source: C:\Users\user\Desktop\J4zGPhVRV3.exeCode function: 4_2_00007FF69E584EB0 GetVersionExW,4_2_00007FF69E584EB0
                  Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Lowering of HIPS / PFW / Operating System Security Settings

                  barindex
                  Changes security center settings (notifications, updates, antivirus, firewall)
                  Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46} STATEJump to behavior
                  Source: rutserv.exe, 00000012.00000000.1464455991.0000000000EF1000.00000020.00000001.01000000.0000000D.sdmpBinary or memory string: OLLYDBG.EXE
                  Source: svchost.exe, 00000003.00000002.3742830304.000001D0D1D02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                  Source: rutserv.exe, 00000014.00000002.1613537037.0000000002148000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ollydbg.exe
                  Source: C:\Windows\System32\msiexec.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD BlobJump to behavior
                  Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA &apos;AntiVirusProduct&apos; OR TargetInstance ISA &apos;FirewallProduct&apos; OR TargetInstance ISA &apos;AntiSpywareProduct&apos;
                  Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                  Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                  Source: Yara matchFile source: 16.0.rfusclient.exe.620000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000010.00000000.1422949051.00000000010D9000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000018.00000002.3760276212.0000000004DF8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000017.00000002.3745548454.000000000329A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000018.00000002.3748231450.000000000325A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000017.00000002.3745548454.0000000003276000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000002.3800200492.00000000041C8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000018.00000002.3748231450.0000000003228000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000018.00000002.3760276212.0000000004E3C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000003.1568447250.0000000005E6A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000012.00000000.1478283984.00000000019E5000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000002.3759250551.00000000026C8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: rfusclient.exe PID: 8384, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: rutserv.exe PID: 8508, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: rutserv.exe PID: 8624, type: MEMORYSTR
                  Source: Yara matchFile source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe, type: DROPPED
                  Source: Yara matchFile source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe, type: DROPPED

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire Infrastructure1
                  Valid Accounts                  		1
                  Windows Management Instrumentation                  		1
                  DLL Side-Loading                  		1
                  Exploitation for Privilege Escalation                  		12
                  Disable or Modify Tools                  		OS Credential Dumping1
                  System Time Discovery                  		Remote Services11
                  Archive Collected Data                  		1
                  Ingress Tool Transfer                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomains1
                  Replication Through Removable Media                  		2
                  Command and Scripting Interpreter                  		1
                  Valid Accounts                  		1
                  DLL Side-Loading                  		2
                  Obfuscated Files or Information                  		LSASS Memory11
                  Peripheral Device Discovery                  		Remote Desktop ProtocolData from Removable Media21
                  Encrypted Channel                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain Accounts2
                  Service Execution                  		22
                  Windows Service                  		1
                  Valid Accounts                  		12
                  Software Packing                  		Security Account Manager3
                  File and Directory Discovery                  		SMB/Windows Admin SharesData from Network Shared Drive1
                  Non-Standard Port                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                  Access Token Manipulation                  		1
                  DLL Side-Loading                  		NTDS66
                  System Information Discovery                  		Distributed Component Object ModelInput Capture2
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script22
                  Windows Service                  		1
                  File Deletion                  		LSA Secrets1
                  Query Registry                  		SSHKeylogging13
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts13
                  Process Injection                  		22
                  Masquerading                  		Cached Domain Credentials361
                  Security Software Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  Valid Accounts                  		DCSync2
                  Process Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                  Modify Registry                  		Proc Filesystem131
                  Virtualization/Sandbox Evasion                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                  Access Token Manipulation                  		/etc/passwd and /etc/shadow1
                  Application Window Discovery                  		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                  IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron131
                  Virtualization/Sandbox Evasion                  		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                  Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd13
                  Process Injection                  		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1544725 Sample: J4zGPhVRV3.exe Startdate: 29/10/2024 Architecture: WINDOWS Score: 88 59 x1.i.lencr.org 2->59 61 time.windows.com 2->61 73 Malicious sample detected (through community Yara rule) 2->73 75 Multi AV Scanner detection for dropped file 2->75 77 Multi AV Scanner detection for submitted file 2->77 79 2 other signatures 2->79 9 msiexec.exe 92 95 2->9         started        12 rutserv.exe 2->12         started        16 svchost.exe 2->16         started        18 7 other processes 2->18 signatures3 process4 dnsIp5 49 server_stop_27D787...EA10FB36BB4D2F9.exe, PE32 9->49 dropped 51 server_start_C0086...8A26292A601EBE2.exe, PE32 9->51 dropped 53 server_config_C8E9...5F92E4E3AE550F0.exe, PE32 9->53 dropped 57 41 other files (10 malicious) 9->57 dropped 20 rutserv.exe 9->20         started        23 rfusclient.exe 9->23         started        25 rutserv.exe 9->25         started        35 2 other processes 9->35 63 111.90.140.34, 5651, 57248, 57251 SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY Malaysia 12->63 65 111.90.140.51, 5651, 57244, 57246 SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY Malaysia 12->65 67 65.21.245.7, 5651, 57245, 57249 CP-ASDE United States 12->67 55 C:\ProgramData\...\eventmsg.dll, PE32 12->55 dropped 87 Query firmware table information (likely to detect VMs) 12->87 27 rfusclient.exe 12->27         started        29 rutserv.exe 12->29         started        31 rfusclient.exe 12->31         started        89 Changes security center settings (notifications, updates, antivirus, firewall) 16->89 33 MpCmdRun.exe 16->33         started        69 127.0.0.1 unknown unknown 18->69 37 2 other processes 18->37 file6 signatures7 process8 signatures9 81 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 20->81 83 Query firmware table information (likely to detect VMs) 27->83 39 rfusclient.exe 27->39         started        42 conhost.exe 33->42         started        44 AcroCEF.exe 104 37->44         started        process10 signatures11 85 Query firmware table information (likely to detect VMs) 39->85 46 AcroCEF.exe 44->46         started        process12 dnsIp13 71 96.6.160.189, 443, 49742 AKAMAI-ASUS United States 46->71

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  J4zGPhVRV3.exe47%ReversingLabsWin64.Spyware.TektonIt

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\MessageBox.exe3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\VPDAgent.exe0%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\emf2pdf.dll3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\fwproc.exe3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\pdfout.dll2%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\progressbar.exe3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\properties.exe3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\srvinst.exe3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\vpd_sdk.dll2%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\vpdisp.exe2%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\msvcp120.dll0%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\msvcr120.dll0%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppdpm.dll3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppdui.dll4%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\setupdrv.exe3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unidrv_rppd.dll3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unidrvui_rppd.dll3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unires_vpd.dll3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\vccorlib120.dll0%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\msvcp120.dll0%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\msvcr120.dll0%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppdpm.dll2%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppdui.dll3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\setupdrv.exe3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unidrv_rppd.dll3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unidrvui_rppd.dll3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unires_vpd.dll3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\vccorlib120.dll0%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\eventmsg.dll3%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\libasset32.dll0%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\libcodec32.dll0%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe26%ReversingLabsWin32.Spyware.TektonIt
                  C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe26%ReversingLabsWin32.Spyware.TektonIt
                  C:\Program Files (x86)\Remote Manipulator System - Host\vp8decoder.dll0%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\vp8encoder.dll0%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\webmmux.dll0%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\webmvorbisdecoder.dll0%ReversingLabs
                  C:\Program Files (x86)\Remote Manipulator System - Host\webmvorbisencoder.dll0%ReversingLabs
                  C:\ProgramData\Remote Manipulator System\eventmsg.dll3%ReversingLabs
                  C:\Windows\Installer\MSI7E5B.tmp0%ReversingLabs
                  C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\ARPPRODUCTICON.exe0%ReversingLabs
                  C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exe0%ReversingLabs
                  C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_config_C8E9A92497A149D695F92E4E3AE550F0.exe0%ReversingLabs
                  C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_start_C00864331B9D4391A8A26292A601EBE2.exe0%ReversingLabs
                  C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_stop_27D7873393984316BEA10FB36BB4D2F9.exe0%ReversingLabs

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://schemas.xmlsoap.org/soap/envelope/0%URL Reputationsafe
                  https://g.live.com/odclientsettings/ProdV21C:0%URL Reputationsafe
                  http://www.indyproject.org/0%URL Reputationsafe
                  http://www.symauth.com/cps0(0%URL Reputationsafe
                  https://g.live.com/odclientsettings/Prod1C:0%URL Reputationsafe
                  http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd0%URL Reputationsafe
                  http://www.symauth.com/rpa000%URL Reputationsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  x1.i.lencr.org
                  		unknown
                  		unknownfalse
                    		unknown
                    time.windows.com
                    		unknown
                    		unknownfalse
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://www.remoteutilities.com/support/docs/installing-and-uninstalling/rfusclient.exe, 00000010.00000000.1422949051.00000000010D9000.00000002.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000000.1478283984.00000000019E5000.00000002.00000001.01000000.0000000D.sdmpfalse
                        		unknown
                        https://curl.se/docs/http-cookies.htmlrfusclient.exe, 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmp, rutserv.exe, 00000012.00000002.1516529381.000000006C9D7000.00000002.00000001.01000000.0000000C.sdmpfalse
                          		unknown
                          http://update.tektonit.ru/upgrade.inirutserv.exe, 00000012.00000000.1464455991.00000000004F1000.00000020.00000001.01000000.0000000D.sdmpfalse
                            		unknown
                            http://update.tektonit.ru/upgrade_beta.inirutserv.exe, 00000012.00000000.1464455991.00000000004F1000.00000020.00000001.01000000.0000000D.sdmpfalse
                              		unknown
                              http://madExcept.comUrfusclient.exe, 00000010.00000000.1420516401.000000000066F000.00000020.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000000.1464455991.00000000004F1000.00000020.00000001.01000000.0000000D.sdmp, rutserv.exe, 00000015.00000003.1552738592.000000007B750000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1563013943.000000007CC50000.00000004.00001000.00020000.00000000.sdmpfalse
                                		unknown
                                http://schemas.xmlsoap.org/soap/envelope/rfusclient.exe, 00000010.00000000.1420516401.000000000066F000.00000020.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000000.1464455991.00000000004F1000.00000020.00000001.01000000.0000000D.sdmp, rutserv.exe, 00000015.00000003.1552738592.000000007B750000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000015.00000003.1563013943.000000007CC50000.00000004.00001000.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://g.live.com/odclientsettings/ProdV21C:svchost.exe, 0000000A.00000003.1313129110.0000020074110000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://crl.ver)svchost.exe, 0000000A.00000002.2755374124.0000020074212000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  http://www.indyproject.org/rfusclient.exe, 00000010.00000003.1451319761.0000000003143000.00000004.00001000.00020000.00000000.sdmp, rfusclient.exe, 00000010.00000000.1420516401.0000000000E7D000.00000020.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000003.1498771327.0000000003713000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000012.00000000.1464455991.0000000001471000.00000020.00000001.01000000.0000000D.sdmp, rutserv.exe, 00000013.00000003.1532539824.0000000003C03000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000014.00000003.1578680590.0000000003B53000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3759250551.000000000261C000.00000004.00001000.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://curl.se/docs/alt-svc.htmlrutserv.exe, 00000012.00000002.1516529381.000000006C9D7000.00000002.00000001.01000000.0000000C.sdmpfalse
                                    		unknown
                                    http://www.symauth.com/cps0(J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://rmansys.ru/internet-id/rutserv.exe, 00000012.00000000.1478283984.00000000019E5000.00000002.00000001.01000000.0000000D.sdmp, rutserv.exe, 00000015.00000002.3800200492.0000000004225000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000015.00000002.3800200492.00000000041C8000.00000004.00001000.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://standards.iso.org/iso/19770/-2/2009/schema.xsdsvchost.exe, 00000002.00000002.3741897939.0000026853318000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3740763162.0000026852A87000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://curl.se/docs/hsts.htmlrutserv.exe, 00000012.00000002.1516529381.000000006C9D7000.00000002.00000001.01000000.0000000C.sdmpfalse
                                          		unknown
                                          https://g.live.com/odclientsettings/Prod1C:svchost.exe, 0000000A.00000003.1313129110.0000020074169000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://gcc.gnu.org/bugsrg/bugs/):rutserv.exe, 00000012.00000002.1516529381.000000006C9EF000.00000002.00000001.01000000.0000000C.sdmpfalse
                                            		unknown
                                            http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtdrfusclient.exe, 00000010.00000000.1422949051.00000000010D9000.00000002.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000000.1478283984.00000000019E5000.00000002.00000001.01000000.0000000D.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.symauth.com/rpa00J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://rmansys.ru/remote-access//rmansys.ru/remote-access/rutserv.exe, 00000015.00000002.3759250551.000000000261C000.00000004.00001000.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://rmansys.ru/remote-access//rmansys.ru/remote-access/Orutserv.exe, 00000015.00000002.3759250551.000000000261C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://rmansys.ru/remote-access/rutserv.exe, 00000015.00000002.3759250551.000000000261C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://www.flexerasoftware.com0J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2B5000.00000004.00000020.00020000.00000000.sdmp, J4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B2F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://rmansys.ru/IS_PREVENT_DOWNGRADE_EXITZ_DOWNGRADE_DETECTED;Z_UPGRADE_DETECTED;COMPANYNAME;INSTJ4zGPhVRV3.exe, 00000004.00000003.1291857327.000001837B25A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      http://www.inkscape.org/namespaces/inkscaperfusclient.exe, 00000010.00000000.1422949051.00000000010D9000.00000002.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000000.1478283984.00000000019E5000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                        		unknown
                                                        https://www.remoteutilities.com/buy/money-back-guarantee.phprfusclient.exe, 00000010.00000000.1422949051.00000000010D9000.00000002.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000000.1478283984.00000000019E5000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                          		unknown
                                                          https://www.remoteutilities.com/about/privacy-policy.phprfusclient.exe, 00000010.00000000.1422949051.00000000010D9000.00000002.00000001.01000000.0000000B.sdmp, rutserv.exe, 00000012.00000000.1478283984.00000000019E5000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                            		unknown

                                                            World Map of Contacted IPs

                                                            • No. of IPs < 25%
                                                            • 25% < No. of IPs < 50%
                                                            • 50% < No. of IPs < 75%
                                                            • 75% < No. of IPs

                                                            Public IPs

                                                            IPDomainCountryFlagASNASN NameMalicious
                                                            111.90.140.51
                                                            		unknownMalaysia
                                                            		45839SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMYfalse
                                                            111.90.140.34
                                                            		unknownMalaysia
                                                            		45839SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMYfalse
                                                            96.6.160.189
                                                            		unknownUnited States
                                                            		16625AKAMAI-ASUSfalse
                                                            65.21.245.7
                                                            		unknownUnited States
                                                            		199592CP-ASDEfalse

                                                            Private

                                                            IP
                                                            127.0.0.1

                                                            General Information

                                                            Joe Sandbox version:41.0.0 Charoite
                                                            Analysis ID:1544725
                                                            Start date and time:2024-10-29 16:50:47 +01:00
                                                            Joe Sandbox product:CloudBasic
                                                            Overall analysis duration:0h 13m 0s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                            Number of analysed new started processes analysed:31
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Sample name:J4zGPhVRV3.exe
                                                            renamed because original name is a hash value
                                                            Original Sample Name:55cb5fa83a98b9d7cc70cad5fe59f44f8d48956b363df2fbf7ad649b9c4970e5.exe
                                                            Detection:MAL
                                                            Classification:mal88.evad.winEXE@48/135@2/5
                                                            EGA Information:
                                                            • Successful, ratio: 83.3%
                                                            HCA Information:Failed
                                                            Cookbook Comments:
                                                            • Found application associated with file extension: .exe
                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                            Warnings

                                                            • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                                            • Excluded IPs from analysis (whitelisted): 20.101.57.9, 184.28.88.176, 172.64.41.3, 162.159.61.3, 52.5.13.197, 54.227.187.23, 23.22.254.206, 52.202.204.11, 184.28.90.27, 2.23.197.184, 93.184.221.240, 2.19.126.149, 2.19.126.143, 104.18.20.226, 104.18.21.226
                                                            • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, cdn.globalsigncdn.com.cdn.cloudflare.net, twc.trafficmanager.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, acroipm2.adobe.com, ocsp.globalsign.com, dns.msftncsi.com, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, global.prd.cdn.globalsign.com, crl.globalsign.com, geo2.adobe.com
                                                            • Execution Graph export aborted for target rutserv.exe, PID 8508 because there are no executed function
                                                            • Not all processes where analyzed, report is missing behavior information
                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                            • VT rate limit hit for: J4zGPhVRV3.exe

                                                            Simulations

                                                            Behavior and APIs

                                                            TimeTypeDescription
                                                            11:51:47API Interceptor3x Sleep call for process: svchost.exe modified
                                                            11:51:57API Interceptor2x Sleep call for process: AcroCEF.exe modified
                                                            13:01:30API Interceptor2718268x Sleep call for process: rutserv.exe modified
                                                            13:01:37API Interceptor799706x Sleep call for process: rfusclient.exe modified
                                                            13:02:03API Interceptor1x Sleep call for process: MpCmdRun.exe modified

                                                            Joe Sandbox View / Context

                                                            IPs

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            111.90.140.34044f.pdf.scrGet hashmaliciousRMSRemoteAdminBrowse
                                                              65.21.245.7FPPhfkcDCh.exeGet hashmaliciousRemcosBrowse
                                                                gBYz86HSwI.msiGet hashmaliciousUnknownBrowse
                                                                  0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                    0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                      0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                        0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                          044f.pdf.scrGet hashmaliciousRMSRemoteAdminBrowse
                                                                            3e#U043c.scrGet hashmaliciousRMSRemoteAdminBrowse
                                                                              3e#U043c.scrGet hashmaliciousRMSRemoteAdminBrowse

                                                                                Domains

                                                                                No context

                                                                                ASNs

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMYFPPhfkcDCh.exeGet hashmaliciousRemcosBrowse
                                                                                • 101.99.93.169
                                                                                gBYz86HSwI.msiGet hashmaliciousUnknownBrowse
                                                                                • 111.90.140.76
                                                                                0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                • 111.90.140.76
                                                                                0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                • 111.90.140.76
                                                                                0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                • 111.90.140.76
                                                                                0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                • 111.90.140.76
                                                                                b.cmdGet hashmaliciousUnknownBrowse
                                                                                • 101.99.92.203
                                                                                rrwzOU7A9F.exeGet hashmaliciousXWormBrowse
                                                                                • 101.99.92.203
                                                                                3xlcP3DFLm.exeGet hashmaliciousXWormBrowse
                                                                                • 101.99.92.203
                                                                                JruZmEO5Dm.exeGet hashmaliciousXWormBrowse
                                                                                • 101.99.92.203
                                                                                SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMYFPPhfkcDCh.exeGet hashmaliciousRemcosBrowse
                                                                                • 101.99.93.169
                                                                                gBYz86HSwI.msiGet hashmaliciousUnknownBrowse
                                                                                • 111.90.140.76
                                                                                0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                • 111.90.140.76
                                                                                0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                • 111.90.140.76
                                                                                0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                • 111.90.140.76
                                                                                0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                • 111.90.140.76
                                                                                b.cmdGet hashmaliciousUnknownBrowse
                                                                                • 101.99.92.203
                                                                                rrwzOU7A9F.exeGet hashmaliciousXWormBrowse
                                                                                • 101.99.92.203
                                                                                3xlcP3DFLm.exeGet hashmaliciousXWormBrowse
                                                                                • 101.99.92.203
                                                                                JruZmEO5Dm.exeGet hashmaliciousXWormBrowse
                                                                                • 101.99.92.203
                                                                                CP-ASDEFPPhfkcDCh.exeGet hashmaliciousRemcosBrowse
                                                                                • 65.21.245.7
                                                                                gBYz86HSwI.msiGet hashmaliciousUnknownBrowse
                                                                                • 65.21.245.7
                                                                                SALARY OF OCT 2024.exeGet hashmaliciousFormBookBrowse
                                                                                • 65.21.196.90
                                                                                0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                • 65.21.245.7
                                                                                0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                • 65.21.245.7
                                                                                0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                • 65.21.245.7
                                                                                0438.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                • 65.21.245.7
                                                                                iQPxJrxxaj.exeGet hashmaliciousPikaBotBrowse
                                                                                • 65.20.66.218
                                                                                iQPxJrxxaj.exeGet hashmaliciousPikaBotBrowse
                                                                                • 65.20.66.218
                                                                                http://www.thegioimoicau.com/Get hashmaliciousUnknownBrowse
                                                                                • 65.21.45.74
                                                                                AKAMAI-ASUS2DpxPyeiUv.exeGet hashmaliciousStealc, VidarBrowse
                                                                                • 23.47.50.140
                                                                                Oakville_Service_Update_d76b33a1-3420-40be-babd-e82e253ad25c.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                • 184.28.88.176
                                                                                CARDFACTORYAccess Program, Tuesday, October 29, 2024.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                • 23.38.98.84
                                                                                buNtKcYHCa.exeGet hashmaliciousLummaCBrowse
                                                                                • 104.102.49.254
                                                                                Jo Smalley shared _Harbour Healthcare Ltd Project_ with you..emlGet hashmaliciousHTMLPhisherBrowse
                                                                                • 184.28.90.27
                                                                                Jo Smalley shared _Harbour Healthcare Ltd Project_ with you..emlGet hashmaliciousHTMLPhisherBrowse
                                                                                • 184.28.90.27
                                                                                la.bot.arm5.elfGet hashmaliciousUnknownBrowse
                                                                                • 96.17.237.137
                                                                                file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                • 23.47.50.150
                                                                                JVLkkfzSKW.exeGet hashmaliciousStealc, VidarBrowse
                                                                                • 23.47.50.145
                                                                                file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                • 104.93.21.152

                                                                                JA3 Fingerprints

                                                                                No context

                                                                                Dropped Files

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\MessageBox.exeSecuriteInfo.com.PUA.Tool.RemoteControl.20.28594.18180.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                                                  SecuriteInfo.com.PUA.Tool.RemoteControl.20.28594.18180.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                                                    044f.pdf.scrGet hashmaliciousRMSRemoteAdminBrowse
                                                                                      3e#U043c.scrGet hashmaliciousRMSRemoteAdminBrowse
                                                                                        3e#U043c.scrGet hashmaliciousRMSRemoteAdminBrowse
                                                                                          GkLbUGixzx.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                                                            GkLbUGixzx.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                                                              3C77C16EE21FF2F584B1EB5DF4882976A934D50D1D4E0.exeGet hashmaliciousRMSRemoteAdminBrowse

                                                                                                Created / dropped Files

                                                                                                C:\Config.Msi\417380.rbs

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:modified
                                                                                                Size (bytes):30807
                                                                                                Entropy (8bit):5.366179396583254
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:Tyt4t4t+gTp1M3Ub0iM01HuECiwAw0Nwsj9jet1h/0:6Tpy3Ub0eHuECiwAwwwsj9jetb0
                                                                                                MD5:FD8976471AAAEA4921D0EA6C6B049C02
                                                                                                SHA1:03D9CB396E947FB953FC01928D77D942D03090A4
                                                                                                SHA-256:29C2329B35D8FE965A9636FC8452275705C4179D4F269E8B11CD245156ED16E0
                                                                                                SHA-512:5A270216D31A7E4DFD4BDD4D33BBD844B7D32D9485BA62A55B7451F307CA722A165793182846F397ECBD0E3EF7438C242783450ED2DA1B7007BB76051CA5983F
                                                                                                Malicious:false
                                                                                                Preview:...@IXOS.@.....@{^]Y.@.....@.....@.....@.....@.....@......&.{827D98D4-CA0D-43D0-8133-225659FBBC61} .Remote Manipulator System - Host..winrar.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{C457692F-C69F-4EF4-B4C9-3DF451F76F30}.....@.....@.....@.....@.......@.....@.....@.......@.... .Remote Manipulator System - Host......Rollback....B.:.0.B. .4.5.9.A.B.2.8.O.:...[1]..RollbackCleanup..#.4.0.;.5.=.8.5. .2.@.5.<.5.=.=.K.E. .D.0.9.;.>.2...$.0.9.;.:. .[.1.].....ProcessComponents"...1.=.>.2.;.5.=.8.5. .@.5.3.8.A.B.@.0.F.8.8. .:.>.<.?.>.=.5.=.B.>.2...&.{74F2505E-B20A-4AED-968F-AE5B278DB38A}&.{827D98D4-CA0D-43D0-8133-225659FBBC61}.@......&.{26EAB54E-4659-47E8-86F9-4CB74F7E03BE}&.{827D98D4-CA0D-43D0-8133-225659FBBC61}.@......&.{596F4636-5D51-49F5-B3B4-F3C366E9DC23}&.{827D98D4-CA0D-43D0-8133-225659FBBC61}.@......&.{596F4636-5D51-49F5-B3B4-F3C366E9DC23}&.{00000000-0000-0000-0000-000000000000}.@......&.{182310A2-CD9E-4171-ACD1-3AEDD260A15F}&.{827D98D4-CA0D-43D0-8133-225659FBBC61}.@......&.{3244

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\EULA.rtf

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
                                                                                                Category:dropped
                                                                                                Size (bytes):140524
                                                                                                Entropy (8bit):4.705761523836363
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:wu3K4JDvJNJt2cGTXxl5loUWDTEhkClEgoKt9ai1IYdO5NVSUeDfydxqXJe2JNC0:wu93dN2OqrYZlKhIiSEGQ4wL
                                                                                                MD5:65B04B706AC06E31210F4FFB1E92994E
                                                                                                SHA1:B005637B3DE903CBD7960637D77FF993897C5A63
                                                                                                SHA-256:E9ACC22A02BC2148AE07EC7CBE741E6E1CBC90DE3856AAE8F32A31FB5C338566
                                                                                                SHA-512:5B708D069434A384738EFD5F4621F257FC79A7F5A32D8AE9C1D29E21EFE1EEB2C393EC67DA39714C0C73F2217B68091EE7196C72331838A0A7ECA872FAF09A09
                                                                                                Malicious:false
                                                                                                Preview:{\rtf1\adeflang1025\ansi\ansicpg1251\uc1\adeff0\deff0\stshfdbch0\stshfloch31506\stshfhich31506\stshfbi31506\deflang1049\deflangfe1049\themelang1049\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times New Roman};}..{\f1\fbidi \fswiss\fcharset204\fprq2{\*\panose 020b0604020202020204}Arial;}{\f2\fbidi \fmodern\fcharset204\fprq1{\*\panose 02070309020205020404}Courier New;}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings;}{\f34\fbidi \froman\fcharset204\fprq2{\*\panose 02040503050406030204}Cambria Math;}..{\flomajor\f31500\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times New Roman};}{\fdbmajor\f31501\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times New Roman};}..{\fhimajor\f31502\fbidi \froman\fcharset204\fprq2{\*\panose 0204

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\MessageBox.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):15680
                                                                                                Entropy (8bit):6.579534230870796
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:XxgSABvdm4Yy3EA39QKoEp0Fm7qFAmL8x2fLWwsU7K6CYv7+C:Xx0FmW3Ea1KmexmMK6jr
                                                                                                MD5:C2F009D6317D1BA4E722938A1408478A
                                                                                                SHA1:66D702BC9FA98D1E7FE9BBC16AFF9AE711019E9B
                                                                                                SHA-256:6A8D4FB6F90B53D986B2AC6BF3BFCC56D6A54A2E8AF5670129566F5D344ED0FA
                                                                                                SHA-512:4D8060EC77EB9B95B57BC20AF2685064FA1E1FCC9403EFE95572C37D72ACD39B8005831EA0BAE95C365E945E50962B7FE1BFD964C5776D3E99CE5E474F726BFE
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Joe Sandbox View:
                                                                                                • Filename: SecuriteInfo.com.PUA.Tool.RemoteControl.20.28594.18180.exe, Detection: malicious, Browse
                                                                                                • Filename: SecuriteInfo.com.PUA.Tool.RemoteControl.20.28594.18180.exe, Detection: malicious, Browse
                                                                                                • Filename: 044f.pdf.scr, Detection: malicious, Browse
                                                                                                • Filename: 3e#U043c.scr, Detection: malicious, Browse
                                                                                                • Filename: 3e#U043c.scr, Detection: malicious, Browse
                                                                                                • Filename: GkLbUGixzx.exe, Detection: malicious, Browse
                                                                                                • Filename: GkLbUGixzx.exe, Detection: malicious, Browse
                                                                                                • Filename: 3C77C16EE21FF2F584B1EB5DF4882976A934D50D1D4E0.exe, Detection: malicious, Browse
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........3.j.]Oj.]Oj.]Og..Oh.]Og..Oh.]Og..Oy.]Og..Oh.]Oc..Oc.]Oj.\OY.]O..Ok.]Og..Ok.]O..Ok.]ORichj.]O........................PE..L......S..................................... ....@..........................`.......J....@.................................."..x....@..................@....P..|....!..8............................!..@............ ...............................text...2........................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc..|....P......................@..B................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\VPDAgent.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):2673984
                                                                                                Entropy (8bit):6.865614554810881
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:BE8JxHX5r9sDQl7wDSMSFxvQ/qpyr0k0ha5XLDaDMPNw2x8pWTUKA76AeF8:BE8XHX5riUl7wDP6vQ/qpyr0kR5XLWDB
                                                                                                MD5:10CD2135C0C5D9D3E5A0A5B679F2FAAE
                                                                                                SHA1:A0617D8C6876F98B9A1819A71F2A56B965C1C75D
                                                                                                SHA-256:D7A97387505CA740AC88E85CAC3AA3CA73C666CC3BFD977C7E40B1D9D6CA6C12
                                                                                                SHA-512:6A1F81127FF26DCC235D7CE454E69F9A3784AC54BBC8486CB5022AAC47C2FB6003641A0F8AAFDD3B89812FE3C1C90569AD73C1C135687C042CE92C5DD2FFBDD8
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............zz..zz..zz.M...zz.+...zz.+...zz.+...zz.+...zz.f...zz..zz..zz.f..Oxz..z{..{z......zz.f...zz..(...zz..z...zz.f...zz.Rich.zz.........PE..L...h3.\............................5u............@.......................... ).......(...@.................................<.&.......'.H.............(.@.....'..n..................................0:&.@............................................text...5........................... ..`.rdata..............................@..@.data...<.....&..d....&.............@....rsrc...H.....'......8'.............@..@.reloc...n....'..p...>'.............@..B........................................................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\emf2pdf.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):1110848
                                                                                                Entropy (8bit):6.491478844569486
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:TqSQS800orApz53PI2GVqH7kpf/V57GGcP6T5m+moXafzb:tQSX0oAtkpf/bfcyTTmoozb
                                                                                                MD5:AB3E77FC94445A18C9376F98CE10102F
                                                                                                SHA1:9424736FB3DB517C5584A14A482F84D81A671F8D
                                                                                                SHA-256:EEE325D9AC6A7B24B8ED3742110BD042803D6DA065F2E51153151E69D51CE4A3
                                                                                                SHA-512:454115C621434E98D39AEC605FCEB349C7AFB938B3E822F5950EE60E54FBFCB5CDBFE750015FE947C07FB991B4E966E535640343294D885ED2661353D3FD6EC9
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........[.:..:..:....l.:....n.7:....o.:..d..:..d...:..d..:..u.V.:..?d...:..?d..:..?d..:..:..T:..?d..:..?d..:..:db.:..?d..:..Rich.:..........................PE..L......\...........!......................................................................@.............................|....&..d.......................@........l......p...............................@............................................text............................... ..`.rdata..p;.......<..................@..@.data...H;...@...*..................@....gfids..$............X..............@..@.rsrc................d..............@..@.reloc...l.......n...f..............@..B........................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\fwproc.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):22848
                                                                                                Entropy (8bit):6.464002114523214
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:2+b57Gk7g+iy21oCiDuK9jkrtpgjKMpFmexmMK6j8qF2:7/210DuVrtsKM3ZxBKghF2
                                                                                                MD5:2DE35EAAE57A6BAA02D9E8ED0661F042
                                                                                                SHA1:82D14A58D5188F5B7606365BE0E3F968A8E81E93
                                                                                                SHA-256:BB43036D202D3DBD765A12D1C4C243E7AB8328FFC1941AEA838D8B1553700E64
                                                                                                SHA-512:02F1D530C1469431A94074A057FCE3FE60735D3B15DD767E8F39F29B702B98B061954063D83D5FA426D7684CC86359E87424F0CC54FFB0AC3F388AA7E48D6DE0
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9Gf.}&.I}&.I}&.I;w.I|&.I;w.In&.I;w.Iy&.I;w.Iy&.It^.Ix&.I}&.I?&.I..I|&.Ipt.I|&.I}&.I|&.I..I|&.IRich}&.I................PE..L...k3.\.....................8......e".......0....@.......................................@.................................49..d....`..@............:..@....p......@1..8............................5..@............0...............................text...k........................... ..`.rdata..:....0......................@..@.data........@......................@....rsrc...@....`.......0..............@..@.reloc.......p.......6..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\pdfout.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):4005696
                                                                                                Entropy (8bit):6.809616089473951
                                                                                                Encrypted:false
                                                                                                SSDEEP:98304:lbR+lDT6t58JcKdTG57M06POn9rvBAUZLM8FAK:FR+lDOt5kgFvVwmd
                                                                                                MD5:2C5987EA1E87A5C073B780F8102AE09C
                                                                                                SHA1:78DAA99D8C59A4A2E0D3B59E5427F854D8613080
                                                                                                SHA-256:22AC34380064C0FFEE59AD892CA4695E94EE8F97B78C18565251295817A784FE
                                                                                                SHA-512:7D6432960C5F3BEC27B13D06D4126C91A1DD7DD702DE97F1001855D8572BE68D6526F419BB58F5E5238E8E8F81C801BDAD8F351EF0AE75564835146F3DD3434D
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 2%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.............3.......3.......3.............................fP8.............,......,.......,...Z...,.......).......,.......Rich....................PE..L......\...........!.....b"..0................"...............................=.....3.=...@.........................pA:......p:.d.....;...............=.@.....;.$.....6.p.....................6.....p.6.@.............".d............................text...9a"......b"................. ..`.rdata..(....."......f".............@..@.data.........:..j...f:.............@....gfids........;.......:.............@..@.tls..........;.......:.............@....rsrc.........;.......:.............@..@.reloc..$.....;.. ....:.............@..B................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\printer.ico

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:MS Windows icon resource - 6 icons, 32x32, 4 bits/pixel, 16x16, 4 bits/pixel
                                                                                                Category:dropped
                                                                                                Size (bytes):10134
                                                                                                Entropy (8bit):5.364629779133003
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:75LkqDCmLVf89uqywWrvNCB4isySOc3AOv2B+YT1/44tuU+3:1OmLVf4dErvNCB5tSOc3AY2BP944g
                                                                                                MD5:6F70BD62A17EC5B677EC1129F594EE6F
                                                                                                SHA1:4FB95EB83A99C0DA62919C34886B0A3667F3911E
                                                                                                SHA-256:FC8570D50C1773A1B34AA4E31143FD0776E26FF032EE3EEB6DB8BFAB42B4A846
                                                                                                SHA-512:615A7E8738B2CF1BC47C8D5FC1357C1299080D0BAA1E54129D0DEBDB6BA60CD366364BE0BDAFDABCBA60F16544B0516A50B4B0182E8BCF01F59171003CE9B244
                                                                                                Malicious:false
                                                                                                Preview:...... ..........f...........(...N... ..........v...........h....... .... ............... .h....#..(... ...@.....................................................................................................................................................x..............wx.............ww.............ww.x...........ww.xx..........ww.wxx..........w.wwxx...........wwwxx..........xwwwxx..........xwwwx...........xwww..x.........xww.wx.x........xw.wwwx.x.......x.w|.x.x.x........z.x.ww..x......x.x.ww....x......x..w....x.x......x.....p.x........x................x....................p................................p..........................................................................................................................................................................................................?...........?............(....... ..........................................................................................................x......w......w.x......wx.....wwx.....w

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\progressbar.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):39744
                                                                                                Entropy (8bit):6.36744082696392
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:TkzqOI138e1y6JMKxTrAogoAoaP7+qFXYiLxjdQzUQ9LSk3E0gTSsn2TkhI3K0Jn:TLqokSaddQzUNk3EXSsn2Tk4ZZxBKgfP
                                                                                                MD5:9ED8BAA9DEC76C6AFAFC1C71193A0AE8
                                                                                                SHA1:843727F195BF194CFF3736B80FB5249713F1E116
                                                                                                SHA-256:CD2C60402D46C339147ADDF110C904F78A783F23106CCAD147EFA156175D66DE
                                                                                                SHA-512:40D85540176AB0170B7341D6A8A808FD351B35C6444D468E7707B35D2B2E8F3322DBF0BF31E0578E3A12E1A62B310DD7983B7EFB0F2C72D0C4104AEB0BBCEFF9
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............b..b..b..3...b..3+..b..3*..b..3...b.Z....b...X..b..b..b.Z....b..0...b..b\..b.Z....b.Rich.b.................PE..L....3.\.................D...8.......I.......`....@.......................................@..................................s.......................|..@............b..8............................j..@............`...............................text....C.......D.................. ..`.rdata.......`... ...H..............@..@.data................h..............@....rsrc................l..............@..@.reloc...............t..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\properties.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):179520
                                                                                                Entropy (8bit):5.239011393842513
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:+vQrKBVxKfGkHM5ZZ+HHJOWfuXO8zIJ1k9XHX8t0wk7UAjKQpmErUaDO3nG:3kjiTGD+JOWGT00XHXo0w+mErBO3G
                                                                                                MD5:FF197487BFE7E9D3396E0793B83811ED
                                                                                                SHA1:D92CA066B79DF28BF22BB051AEDFE10E4FA4A2A6
                                                                                                SHA-256:E6D0CA844514FDD105772E72C7C30D47099112AB68A4A5F9E4A2B28C0372A05A
                                                                                                SHA-512:33A13B0EE7E3DD038B35B5E4220278016397D003DCEECA56C3EE264608E053940AAFC09AE582C0FD67DFA919F38265883269F6C1A93E5BB9047B97F4A51CACCE
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Z............X.1....X......X.3....X........m......}....D3.........D.......5......y....D0....Rich...........................PE..L....3.\.................\..........8........p....@..........................0......T.....@.................................,5.......`..V...............@....... ....z..8...........................(...@............0..,............................text....[.......\.................. ..`.rdata...D...p...F...`..............@..@.data....l..........................@....idata...$...0...&..................@..@.rsrc...V....`......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\rppd.lng

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):98650
                                                                                                Entropy (8bit):4.192473934109759
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:5rENOwVRq6rZmor3CmRxhESLGZ0s1JP2PY6rZIshvwmE2uJJ6rZqDJK1YRo6rZGx:S9miFao0WDn
                                                                                                MD5:1614E6CDF119FD284D476F7E6723B3AD
                                                                                                SHA1:3FF9164C9E5FC47169CC1C6EECA22AAB099F2EA3
                                                                                                SHA-256:C8DF350F95FFEEED30060092DC8666EADCE040A4DDCB98E7A9293F87D19387A8
                                                                                                SHA-512:8FBCB156B2F9637BC15FA71758A361CB2500F5A19875EE6BE2B52FC3171C38353A6CDC623E36777D052E0B319C7AF934D2D1DBE92E69666C9B9AD749610BA471
                                                                                                Malicious:false
                                                                                                Preview:..[.E.n.g.l.i.s.h.].....L.a.n.g.I.D.=.1.0.3.3.....;. .l.o.o.k. .f.o.r. .l.a.n.g.u.a.g.e. .i.d.e.n.t.i.f.i.e.r.s. .i.n. .M.S.D.N. .-. .'.T.a.b.l.e. .o.f. .L.a.n.g.u.a.g.e. .I.d.e.n.t.i.f.i.e.r.s.'. .t.o.p.i.c.........;. .S.T.A.N.D.A.R.D. .D.I.A.L.O.G. .B.U.T.T.O.N.S.:.........1.=.O.K.....2.=.C.a.n.c.e.l.........;. .P.R.I.N.T.I.N.G. .P.R.E.F.E.R.E.N.C.E.S.:.........;. .C.o.m.m.o.n. .s.t.r.i.n.g.s.....;. .b.i.t.s. .p.e.r. .p.i.x.e.l.....5.0.0.0. .=. .1. .b.i.t. .-. .b.l.a.c.k. .a.n.d. .w.h.i.t.e.....5.0.0.1. .=. .4. .b.i.t.s. .-. .1.6. .c.o.l.o.r.s.....5.0.0.2. .=. .8. .b.i.t.s. .-. .2.5.6. .c.o.l.o.r.s.....5.0.0.3. .=. .2.4. .b.i.t.s. .-. .t.r.u.e. .c.o.l.o.r.........;. .C.o.m.p.r.e.s.s.i.o.n.....5.0.0.4. .=. .N.o.n.e.....5.0.0.5. .=. .A.u.t.o.m.a.t.i.c.....5.0.0.6. .=. .C.C.I.T.T. .m.o.d.i.f.i.e.d. .H.u.f.f.m.a.n. .R.L.E.....5.0.0.7. .=. .C.C.I.T.T. .G.r.o.u.p. .3. .f.a.x. .e.n.c.o.d.i.n.g.....5.0.0.8. .=. .C.C.I.T.T. .G.r.o.u.p. .4. .f.a.x. .e.n.c.o.d.i.n.g.....5.0.0.9. .=. .L.e.m.p.e.

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\srvinst.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):53056
                                                                                                Entropy (8bit):6.556803642202102
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:AqfYixknAt1kJSwlxeZQHPFtuEK+XLxSzELK4ZHZxBKgCu:8ixknqaxxeZ09tVr7xkyZ5ncu
                                                                                                MD5:A7A19BFD82EEAE7D4DC00144F3B949F4
                                                                                                SHA1:FBD6EF10A7D519386CB32B093AE7E42852BAECBD
                                                                                                SHA-256:A32A93B71A5628EDFC19FD31D26AC60DAF364E89CFDA2C82071718814042BE55
                                                                                                SHA-512:5AC0F6A0FDAAB8B832B0021948101ABD1C8AF8B79E0C02D60770DF22D945D669AE7D588BD3264F9991E11CBAB01A445AAC9B594B47171C68A6A7BDC3FBB8D962
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w...3..3..3..uO..1..uO.. ..uO,.7..uO..6..3..S..:fb.4.....1..>L*.2..3.f.2.../.2..Rich3..........................PE..L...j3.\.................v...:......Ez............@.................................Ul....@.................................t...x.......@...............@...............8..............................@...............|............................text....u.......v.................. ..`.rdata... ......."...z..............@..@.data...............................@....rsrc...@...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\vpd_sdk.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):2772288
                                                                                                Entropy (8bit):6.917291195041145
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:UuZqJvz7GHYFVw8vfMVDpaLGtH3uSvQ/qpyr0kiU6HoCPLG5gzyUxChRebU:UuZqJvz7GHGVfvfMVDNNxvQ/qpyr0kpj
                                                                                                MD5:9FD469846E628F44A4147743875FFBC0
                                                                                                SHA1:6065C496D7C2695F3678D945FFA3FEFFBCD83C53
                                                                                                SHA-256:129C2D91F085E54FD9E333C6F580A16907A1D9659D823D6C7CB25F5D3CE55CC8
                                                                                                SHA-512:5AF5DD95BE604E039337D153CED2B9D3FE33F2E05818E3A222FDD9F7B3381197CCF3CA39324F46CA95B81DF76624F0EF4A0CF045195640E58B9A233D092F43AB
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 2%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u.&.1fH.1fH.1fH....8fH.w7..<fH.w7..<fH.w7..5fH.w7..6fH.8..$fH.1fI.^gH.1fH.&fH......dH......fH.....,fH.....0fH.<4..0fH.....0fH.Rich1fH.................PE..L...,..[...........!.........j......#......... ...............................*.....N.*...@.........................p.'..:..T.(.......)...............*.@.....).8|..0. .8............................8'.@............. .h............................text............................... ..`.rdata...-.... ....... .............@..@.data........@(..~...0(.............@....rsrc.........).......(.............@..@.reloc..8|....)..~....(.............@..B................................................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\vpdisp.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):2991424
                                                                                                Entropy (8bit):6.7900679594310915
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:kz1BQT/9rrcXgJoHt3LhNSTuHo6E7hVNO8B/3LUvQ/qpyr0kRZTKjEKMUP9isAxI:kz1BI5U3lNS6Ho6E7vBRIvQ/qpyr0kuF
                                                                                                MD5:829DD10CD377386A2040897F5288DDB0
                                                                                                SHA1:A7B1C7A6C0E1C9641750E8150EE810530FB67DD0
                                                                                                SHA-256:5753F66DBC480901955DE247117F3C1E99777B1A610C90931E50C374F8B1D888
                                                                                                SHA-512:C6B915EBF7B1C023FBB2E06FB169857539253CFA2B5B5C770DF5A43896AF8A0C847796E3F82C6109778F11D7FE3976DA172E1E0E6EACCD1C82DBAEB80ADAB4F5
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 2%
                                                                                                Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$............j...j...j..V.u..j...;m..j...;R..j...;o..j...;S..j....!..j..}.o..j...j...j..}.R.3h..}.S..j.._4...j...j..Ah..}.W..j..}.n..j...8i..j...j%..j..}.l..j..Rich.j..........................PE..L....3.\..................!...........!......."...@...........................-.....;.....@...........................+.+.....+.......,.@.............-.@.....,..C...................................w+.@............."..............................text...g.!.......!................. ..`.rdata..$.....".......".............@..@.data....~....,..N....+.............@....rsrc...@.....,......<,.............@..@.reloc...C....,..D...B,.............@..B................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\msvcp120.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):660128
                                                                                                Entropy (8bit):6.339798513733826
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:N2fus43uu43Ry4GHlT4xH2K+M+/i+WSpY+7YOzCaK9A3gS2EKZm+GWodEEwnyh:muJzCaK9AB2EKZm+GWodEEwnyh
                                                                                                MD5:46060C35F697281BC5E7337AEE3722B1
                                                                                                SHA1:D0164C041707F297A73ABB9EA854111953E99CF1
                                                                                                SHA-256:2ABF0AAB5A3C5AE9424B64E9D19D9D6D4AEBC67814D7E92E4927B9798FEF2848
                                                                                                SHA-512:2CF2ED4D45C79A6E6CEBFA3D332710A97F5CF0251DC194EEC8C54EA0CB85762FD19822610021CCD6A6904E80AFAE1590A83AF1FA45152F28CA56D862A3473F0A
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........;..h..h..h..[h..h..h..h..Mh..hIAWh..h..Oh..h..qh..h..ph..h..uh..h..Lh..h..Kh..h..Nh..hRich..h................PE..d.....OR.........." .....@...................................................`......a.....`.........................................pU.. ....2..<....@...........G.......>...P.......X..................................p............P...............................text....>.......@.................. ..`.rdata.......P.......D..............@..@.data........P...8...B..............@....pdata...G.......H...z..............@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\msvcr120.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):963232
                                                                                                Entropy (8bit):6.634408584960502
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:FkZ+EUPoH5KTcAxt/qvRQdxQxO61kCS9mmWymzVPD:FkMAlM8ixQI5C6wl
                                                                                                MD5:9C861C079DD81762B6C54E37597B7712
                                                                                                SHA1:62CB65A1D79E2C5ADA0C7BFC04C18693567C90D0
                                                                                                SHA-256:AD32240BB1DE55C3F5FCAC8789F583A17057F9D14914C538C2A7A5AD346B341C
                                                                                                SHA-512:3AA770D6FBA8590FDCF5D263CB2B3D2FAE859E29D31AD482FBFBD700BCD602A013AC2568475999EF9FB06AE666D203D97F42181EC7344CBA023A8534FB13ACB7
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Ck.."..".."..D...".."..-"...s..$ ...s.."...s.."...s.. "...s.."...s.."...s.."..Rich."..........................PE..d.....OR.........." .....h...:.......)..............................................].....`.................................................@...(............@...s...t...>......8...p................................2..p............................................text....g.......h.................. ..`.rdata...8.......:...l..............@..@.data...hu.......D..................@....pdata...s...@...t..................@..@.rsrc................^..............@..@.reloc..8............b..............@..B........................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\ntprint.inf

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Windows setup INFormation
                                                                                                Category:dropped
                                                                                                Size (bytes):9698
                                                                                                Entropy (8bit):3.8395767056459316
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:jxUPudWfG9sPEd5yVplXhzPGeQ6cGIDGzBs+2o5WcicJXoNaTXy:jyxFeGIDIFXoNT
                                                                                                MD5:6476F7217D9D6372361B9E49D701FB99
                                                                                                SHA1:E1155AB2ACC8A9C9B3C83D1E98F816B84B5E7E25
                                                                                                SHA-256:6135D3C9956A00C22615E53D66085DABBE2FBB93DF7B0CDF5C4F7F7B3829F58B
                                                                                                SHA-512:B27ABD8ED640A72424B662AE5C529CDDA845497DC8BD6B67B0B44AE9CDD5E849F627E1735108B2DF09DD6EF83AD1DE6FAA1AD7A6727B5D7A7985F92A92CA0779
                                                                                                Malicious:false
                                                                                                Preview:..............;. .N.T.P.R.I.N.T...I.N.F. .(.f.o.r. .W.i.n.d.o.w.s. .S.e.r.v.e.r. .2.0.0.3. .f.a.m.i.l.y.).....;.....;. .L.i.s.t. .o.f. .s.u.p.p.o.r.t.e.d. .p.r.i.n.t.e.r.s.,. .m.a.n.u.f.a.c.t.u.r.e.r.s.....;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e.=.".$.W.i.n.d.o.w.s. .N.T.$.".....P.r.o.v.i.d.e.r.=.".M.i.c.r.o.s.o.f.t.".....C.l.a.s.s.G.U.I.D.=.{.4.D.3.6.E.9.7.9.-.E.3.2.5.-.1.1.C.E.-.B.F.C.1.-.0.8.0.0.2.B.E.1.0.3.1.8.}.....C.l.a.s.s.=.P.r.i.n.t.e.r.....C.a.t.a.l.o.g.F.i.l.e.=.n.t.p.r.i.n.t...c.a.t.....D.r.i.v.e.r.I.s.o.l.a.t.i.o.n.=.2.....D.r.i.v.e.r.V.e.r.=.0.6./.2.1./.2.0.0.6.,.6...1...7.6.0.0...1.6.3.8.5.........[.M.a.n.u.f.a.c.t.u.r.e.r.].....".M.i.c.r.o.s.o.f.t.".=.M.i.c.r.o.s.o.f.t.,.N.T.a.m.d.6.4.........[.M.i.c.r.o.s.o.f.t...N.T.a.m.d.6.4.].....".{.D.2.0.E.A.3.7.2.-.D.D.3.5.-.4.9.5.0.-.9.E.D.8.-.A.6.3.3.5.A.F.E.7.9.F.0.}.". .=. .{.D.2.0.E.A.3.7.2.-.D.D.3.5.-.4.9.5.0.-.9.E.D.8.-.A.6.3.3.5.A.F.E.7.9.F.0.}.,. .{.D.2.0.E.A.3.7.2.-.D.D.3.5.-.4.9.5.0.-.9.E.D.8.-.A.6.3.3.5.A.F.

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\printer.ico

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:MS Windows icon resource - 6 icons, 32x32, 4 bits/pixel, 16x16, 4 bits/pixel
                                                                                                Category:dropped
                                                                                                Size (bytes):10134
                                                                                                Entropy (8bit):5.364629779133003
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:75LkqDCmLVf89uqywWrvNCB4isySOc3AOv2B+YT1/44tuU+3:1OmLVf4dErvNCB5tSOc3AY2BP944g
                                                                                                MD5:6F70BD62A17EC5B677EC1129F594EE6F
                                                                                                SHA1:4FB95EB83A99C0DA62919C34886B0A3667F3911E
                                                                                                SHA-256:FC8570D50C1773A1B34AA4E31143FD0776E26FF032EE3EEB6DB8BFAB42B4A846
                                                                                                SHA-512:615A7E8738B2CF1BC47C8D5FC1357C1299080D0BAA1E54129D0DEBDB6BA60CD366364BE0BDAFDABCBA60F16544B0516A50B4B0182E8BCF01F59171003CE9B244
                                                                                                Malicious:false
                                                                                                Preview:...... ..........f...........(...N... ..........v...........h....... .... ............... .h....#..(... ...@.....................................................................................................................................................x..............wx.............ww.............ww.x...........ww.xx..........ww.wxx..........w.wwxx...........wwwxx..........xwwwxx..........xwwwx...........xwww..x.........xww.wx.x........xw.wwwx.x.......x.w|.x.x.x........z.x.ww..x......x.x.ww....x......x..w....x.x......x.....p.x........x................x....................p................................p..........................................................................................................................................................................................................?...........?............(....... ..........................................................................................................x......w......w.x......wx.....wwx.....w

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppd.gpd

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):17415
                                                                                                Entropy (8bit):4.618177193109944
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:U1EQCr2g2t2g2F2s2J2m2p2z2ZOgoNJUTIZah25Dy:3oLILwfcV86ZO3eTIZzy
                                                                                                MD5:8EE7FD65170ED9BD408E0C821171B62A
                                                                                                SHA1:9D14A87A049C3B576CEC4B28210F0C95B94E08E0
                                                                                                SHA-256:EE1E4D9869188CC3FA518C445ECF071845E5BD8BE56767A9F7F7DD3ACE294BA5
                                                                                                SHA-512:5740AB3545D2217BA2156C58BA9AF6681D73116AB5DFBEAA5AB615D9CD0C77716C25865E67188E9D7892B340776755D4CBB1A3E98FAEAF8B6BB4B2CCA00D8AE6
                                                                                                Malicious:false
                                                                                                Preview:*GPDSpecVersion: "1.0"..*GPDFileVersion: "1.0"..*GPDFileName: "***.GPD"..*Include: "STDNAMES_VPD.GPD"..*ModelName: "****"..*MasterUnits: PAIR(40800, 117600)..*ResourceDLL: "UNIRES_VPD.DLL"..*PrinterType: PAGE..*MaxCopies: 99....*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "".. }.. }.. *Option: LANDSCAPE_CC270.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: AUTO...*Option: AUTO.. {.. *rcNameID: =AUTO_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "".. }.. }.. *Option: CASSETTE.. {.. *rcNameID:

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppd.ini

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):41
                                                                                                Entropy (8bit):4.479503224130278
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:z8ANyq3jII7Vc:z8cy2lc
                                                                                                MD5:035B163A3E4C308F617C05E0137FAFD0
                                                                                                SHA1:484238C9C05805F1CA5A97FA58950253B7F9FCBE
                                                                                                SHA-256:00CA9230DBAC7FF222CA837AA796496FF4B9B15E0552D3D5AD26B040E2BAB8D7
                                                                                                SHA-512:3EB65CF86C3C71944C8100F90C60604DB4EA69CB187F8E473601845EB4520148CF3779762EF997DC5C14FE8A2269B928448DDF0338A4F172C0460FA0D6F29798
                                                                                                Malicious:false
                                                                                                Preview:[OEMFiles] ..OEMConfigFile1=rppdui.dll ..

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppd.lng

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):98650
                                                                                                Entropy (8bit):4.192473934109759
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:5rENOwVRq6rZmor3CmRxhESLGZ0s1JP2PY6rZIshvwmE2uJJ6rZqDJK1YRo6rZGx:S9miFao0WDn
                                                                                                MD5:1614E6CDF119FD284D476F7E6723B3AD
                                                                                                SHA1:3FF9164C9E5FC47169CC1C6EECA22AAB099F2EA3
                                                                                                SHA-256:C8DF350F95FFEEED30060092DC8666EADCE040A4DDCB98E7A9293F87D19387A8
                                                                                                SHA-512:8FBCB156B2F9637BC15FA71758A361CB2500F5A19875EE6BE2B52FC3171C38353A6CDC623E36777D052E0B319C7AF934D2D1DBE92E69666C9B9AD749610BA471
                                                                                                Malicious:false
                                                                                                Preview:..[.E.n.g.l.i.s.h.].....L.a.n.g.I.D.=.1.0.3.3.....;. .l.o.o.k. .f.o.r. .l.a.n.g.u.a.g.e. .i.d.e.n.t.i.f.i.e.r.s. .i.n. .M.S.D.N. .-. .'.T.a.b.l.e. .o.f. .L.a.n.g.u.a.g.e. .I.d.e.n.t.i.f.i.e.r.s.'. .t.o.p.i.c.........;. .S.T.A.N.D.A.R.D. .D.I.A.L.O.G. .B.U.T.T.O.N.S.:.........1.=.O.K.....2.=.C.a.n.c.e.l.........;. .P.R.I.N.T.I.N.G. .P.R.E.F.E.R.E.N.C.E.S.:.........;. .C.o.m.m.o.n. .s.t.r.i.n.g.s.....;. .b.i.t.s. .p.e.r. .p.i.x.e.l.....5.0.0.0. .=. .1. .b.i.t. .-. .b.l.a.c.k. .a.n.d. .w.h.i.t.e.....5.0.0.1. .=. .4. .b.i.t.s. .-. .1.6. .c.o.l.o.r.s.....5.0.0.2. .=. .8. .b.i.t.s. .-. .2.5.6. .c.o.l.o.r.s.....5.0.0.3. .=. .2.4. .b.i.t.s. .-. .t.r.u.e. .c.o.l.o.r.........;. .C.o.m.p.r.e.s.s.i.o.n.....5.0.0.4. .=. .N.o.n.e.....5.0.0.5. .=. .A.u.t.o.m.a.t.i.c.....5.0.0.6. .=. .C.C.I.T.T. .m.o.d.i.f.i.e.d. .H.u.f.f.m.a.n. .R.L.E.....5.0.0.7. .=. .C.C.I.T.T. .G.r.o.u.p. .3. .f.a.x. .e.n.c.o.d.i.n.g.....5.0.0.8. .=. .C.C.I.T.T. .G.r.o.u.p. .4. .f.a.x. .e.n.c.o.d.i.n.g.....5.0.0.9. .=. .L.e.m.p.e.

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppdpm.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):35648
                                                                                                Entropy (8bit):6.365966080243848
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:nE2YHORRn1SNBaiAL3X8jARHb2Os7fAK6ncZxBKg1xDo:E862HbPs7otEnzNo
                                                                                                MD5:68EA0EC529B7B9D3284D860F5ABD9BB4
                                                                                                SHA1:1A3951538D9E79F09792C8B118F010834A6C1273
                                                                                                SHA-256:EE963C5960F6687789004175C3DF0098331BEBBCE992BF9C73EF9EF6ED73C1E0
                                                                                                SHA-512:E62D2CFCA2433F4D647A5658141D63093D75491C60D1647F41FFDE74308BDF1A512DEBCC4A4535CE6FC9DE1ACB149D135D89366FE75FC9C52AA709C8887D7A28
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........p.....................i'......i1......i6.........z....i!.............i ......i;..............i&......i#.....Rich............PE..d....4.\.........." .....V..........|P....................................................@..........................................d..W....[..................`....l..@........... ................................................................................text...'U.......V.................. ..`.data...4....p.......Z..............@....pdata..`............b..............@..@.rsrc................f..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppdui.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):204096
                                                                                                Entropy (8bit):5.820956822859452
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:co2/UxSJBXgK5IsZsYMNV7jWCQQD9KdtvB1WOAahmRF:co284/XgGfbuYAKdf1WOAaO
                                                                                                MD5:126C2BCC9112266CE33F9835A1E44B9C
                                                                                                SHA1:B16C0D19797C7A0CC665BC8346ECF453234A83A4
                                                                                                SHA-256:2736C2919966D17F27A34D69A7253CD4C2D09C6F7CF9FC03597F27BC73C0BDC2
                                                                                                SHA-512:C25FC46CA2D8DAAD868FA2B5F1BA6CCAAC7F919C8C7CBB86952741B493D27E79EC8C7FD5F124A704B78F4197E6F3812D0FE0F64BC00117EE2AC09B41FAE85308
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 4%
                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$................dD....\....c....^....b..........R.......5Zf...5Zb...5Z_....X........5Z]...Rich...........................PE..d....4.\.........." .................~....................................................`..........................................G..l...\H..........(.......<.......@...............................................p............................................text...-........................... ..`.rdata..Z...........................@..@.data...ph...`.......@..............@....pdata..<............X..............@..@.rsrc...(............n..............@..@.reloc..............................@..B................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\setupdrv.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):102208
                                                                                                Entropy (8bit):6.071111727952987
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:8Fqz3IwGZjZ8lt0nt0NhuGO7o6LJ/TJhjYEOYULzEnr:MwYrZNQCnKhnOtthUEOYULzEr
                                                                                                MD5:CC0E2455CFF19B3585C9FA781428E88E
                                                                                                SHA1:93EC9326F0CEE4E7F385525B03DDF0DF89A409E8
                                                                                                SHA-256:AF24B7E339CC6B80ECF7B45050533E8227D6491EED2FD8C3FF2BF22406B027AA
                                                                                                SHA-512:B995CD999B36B9BD3DC8BE60A7576701CB91D18DF21934521C578047CD135C91F1027058198B1867A4D46804C0514523B370ECEC0E6691A041189011E31166A6
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........C.."..."..."..+.l.."...st.."...sK.."...sv.."...sJ.."...Z8.."..."..."....N.."...pp.."..."<.."....u.."..Rich."..................PE..d...)4.\.........."............................@....................................R.....`..................................................[..........x............p..@...............8............................7..p...............P............................text...=........................... ..`.rdata...g.......h..................@..@.data........p.......V..............@....pdata...............X..............@..@.rsrc................d..............@..@.reloc...............n..............@..B................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\stdnames_vpd.gpd

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):14366
                                                                                                Entropy (8bit):4.1817849062232195
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:NjThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:yFzOnS7z0
                                                                                                MD5:7162D8977515A446D2C1E139DA59DED5
                                                                                                SHA1:952F696C463B8410B1FA93A3B2B6DAE416A81867
                                                                                                SHA-256:2835A439C6AE22074BC3372491CB71E6C2B72D0C87AE3EEE6065C6CAADF1E5C8
                                                                                                SHA-512:508F7CA3D4BC298534AB058F182755851051684F8D53306011F03875804C95E427428BD425DD13633EEC79748BB64E78AAD43E75B70CC5A3F0F4E6696DBB6D8E
                                                                                                Malicious:false
                                                                                                Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires_vpd.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unidrv_rppd.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):487232
                                                                                                Entropy (8bit):6.340203111317007
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:MgjhSyqP1a/eVqxFxNCAiG3XyJ/2TxbfsEkhy+0F+K8lJrZdwwSvr:MglSTPaRxFdLXyJ/ebEEkx0rqJduJ
                                                                                                MD5:AD6C433A57BE03EE0C75076D6FE99CD5
                                                                                                SHA1:219EE785F2C8127DAA44B298B5B2B096FCCE8D12
                                                                                                SHA-256:8A180D92A2C879A3384D24A38EC8C9FD6BFD183935E61DA0B97F1C67A7EC9EA7
                                                                                                SHA-512:041FB9165068D0EA879632B883B3E247336A3BB159ED46AE053B60D074A0BB231FA2DEEDD6CB2BA17AACB771413A86A3F970480AF7A2311E51702288D3B9A30E
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................&.....7.......W.... .....0.....!.....:...d......'....."....Rich............................PE..d...w.[J.........." .........8......d..........t.....................................b....@..........................................4..........x....p.......@...(...P..@............!..8............................................0...............................text...O........................... ..`.rdata.......0......................@..@.data...x.... ......................@....pdata...(...@...*..................@..@.rsrc........p.......B..............@..@.reloc...............F..............@..B..[J@...+.[JK.....[JU.....[Jb...+.[JK.....[Jo.....[Jy...........msvcrt.dll.NTDLL.DLL.WINSPOOL.DRV.KERNEL32.dll.ole32.dll.GDI32.dll..............................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unidrv_rppd.hlp

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:MS Windows 3.1 help, Tue Apr 17 13:11:56 2001, 21225 bytes
                                                                                                Category:dropped
                                                                                                Size (bytes):21225
                                                                                                Entropy (8bit):3.9923245636306675
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:g8qo9MqLEGX9WkaNWvbAsmrEGckkwy95/HLQdu:g8rMqLwkW8AsqEHkkwy7N
                                                                                                MD5:6798F64959C913673BD66CD4E47F4A65
                                                                                                SHA1:C50FAA64C8267AC7106401E69DA5C15FC3F2034C
                                                                                                SHA-256:0C02B226BE4E7397F8C98799E58B0A512515E462CCDAAC04EDC10E3E1091C011
                                                                                                SHA-512:8D208306B6D0F892A2F16F8070A89D8EDB968589896CB70CF46F43BF4BEFB7C4CA6A278C35FE8A2685CC784505EFB77C32B0AABF80D13BCC0D10A39AE8AFB55A
                                                                                                Malicious:false
                                                                                                Preview:?_...........R..r...i.....(),.aabo.utadvanc.edAllows.andareas.assigned.availabl.ebebookl.etc-.hang.e..racter@Clickc. o.de..sColo.rc.0..scon.taindefa.ultdepth.directlyi.0or..sh..PD.isplaysd.ocument.P.sdraftse.n, ex..nal.featuref.ilesfl.....PrFor..m..-.to-trayf.romgraph$ic.@sh@.to.neH.@dhig.herIfima.gesininE..atio..sta.ll.@..itLe.t..Listsl.o..*.nualm.em..meta..2mS.tM!...enhoto..Oy.w.o.per\.ngop.timizh ...@.nsor..p.......spa3.Pri.ntp.0..ed.0..0er.@-spe.cific.@s1 .m.q..ityQ.0.relaB.RET.k.ghseese.l..edsets.oftSomes0ourc}.P ed.S.@sb.'.poo...gsuchsu.pporttak.est..tha...eT..'.oTo...TrueType...l.usevie@wWhenw. e.1.rw..hwil.lyouyour.;bynewof.fs/...&....;)....z4..............................N.......|CF0.lR..|CF1..R..|CF2..R..|CF4..R..|CF5..R..|CONTEXT..)..|CTXOMAP.. ..|FONT.. ..|Petra..2..|PhrImage.....|PhrIndex.....|SYSTEM.2...|TOPIC.....|TTLBTREE..!..|TopicId.=J.......................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unidrvui_rppd.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):892224
                                                                                                Entropy (8bit):6.044434154548935
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:qpvsrQZu8F/bY6Pgx2B8UNG2Ql20gcwtH2qMP23so2:kZ5F/bYogxJUB9cwtHFMDp
                                                                                                MD5:BB98224B0CB6F17D61AA24D7A46A08C5
                                                                                                SHA1:DB78D1161EAA0C691DF76D1B6D7CC98793007BCE
                                                                                                SHA-256:23A30F94360D710BB020DF76E7846AB991EDD6CA3C7F685AECF6CD1A019D451A
                                                                                                SHA-512:D74291E8556911B77588D63EB20DB5D6642C31FEDD9EE186AE62D53C705F0CDBE14725ECBB8FC5FE770F45DFF05731EEBB2063A33BB78DF70B73CDCF4E86C465
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y'..I...I...I..`...I..`...I...H.R.I..`...I..`...I..`...I..`...I...7...I..`...I..`...I.Rich..I.................PE..d.....[J.........." .....$...V.................v....................................O.....@........................................../..{.... .................../...~..@...........`...................................................0............................text...[".......$.................. ..`.data....5...@...0...(..............@....pdata.../.......0...X..............@..@.rsrc...............................@..@.reloc..0............j..............@..B..[J`...+.[Jk...5.[Ju.....[J......[J......[J....+.[Jk.....[J......[J......[J......[J............msvcrt.dll.NTDLL.DLL.RPCRT4.dll.ole32.dll.USER32.dll.KERNEL32.dll.VERSION.dll.WINSPOOL.DRV.GDI32.dll.OLEAUT32.dll...............................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unires_vpd.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):770368
                                                                                                Entropy (8bit):5.630939020655746
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:+kozBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLd:SzBEGbL4Np84TQazCSiRd
                                                                                                MD5:A0D2853BE8043F5FC4FEE04CFE5A8293
                                                                                                SHA1:4FDF21E578739ABB4BCC938568F27897E733E229
                                                                                                SHA-256:1D8C77B674F8294DB39B2CDE2873BDE5A2F6EBD65E14CAEEB58FBA94C92C1F3D
                                                                                                SHA-512:FC5CE23DF55EF277D6DB898D5620697A3A061A5DD9BE63145CE71B966905CAC41B9785121709A2A0DCF8F90B76F484FAB619EB8DB40A873A867468ECF1620F99
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........u..E...E...E...Ll..D...Ll..D...RichE...................PE..d.....[J.........." ..........................@...........................................@.............................................................0...............@............................................................................................rsrc...............................@..@........................................0...8.......P.......................@...........................................r.......s...x...t...8...u.......v.......w...0...x.......y...........(...............................X.......(...............................h...............P....................................................................................................... .......8.......P.......h............................................................................................... .......0...

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\vccorlib120.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):356528
                                                                                                Entropy (8bit):5.917051105867173
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:0g5dgFfqaKFJyHrByeUIRAHq0KzS9OAgfVgYCDlSv:0OdcUIRAHqAeX0a
                                                                                                MD5:BDD8AE768DBF3E6C65D741CB3880B8A7
                                                                                                SHA1:91B01FD48A586822C1D81CA80B950F8639CCE78C
                                                                                                SHA-256:602ADD77CBD807D02306DE1D0179CB71A908EECB11677116FC206A7E714AB6D6
                                                                                                SHA-512:7840554A66F033E556CF02772B8B3749C593657CA254E0F2DBD93B05F4600E11BA821EBA8FC038115C038B5E5AF2F8D2CF0A5AE1F1362E813CF0B5041BBBFF94
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c...'.@.'.@.'.@....!.@.a...#.@.....&.@.a...%.@.a...*.@.a.../.@..P.. .@.'.A.T.@.a...6.@.a...&.@.a...&.@.a...&.@.Rich'.@.........PE..d...}.OR.........." .....n...........L...................................................`..............................................>...D.......P..........."...2...>...`......................................`...p............................................text....l.......n.................. ..`.rdata...............r..............@..@.data...x....`.......F..............@....pdata...".......$..................@..@minATL.......@......................@..@.rsrc........P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\msvcp120.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):455328
                                                                                                Entropy (8bit):6.698367093574994
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
                                                                                                MD5:FD5CABBE52272BD76007B68186EBAF00
                                                                                                SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
                                                                                                SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
                                                                                                SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o...+.N+.N+.N.3wN).N+.N..Nm.aN(.Nm.cN#.Nm.]N..Nm.\Ne.Nm.YN-.Nm.`N*.Nm.gN*.Nm.bN*.NRich+.N........................PE..L....|OR.........."!.........................0.......................................x....@..........................W..L...<...<........................>.......D...................................K..@...............<............................text...<........................... ..`.data....^...0...0... ..............@....idata...............P..............@..@.rsrc................j..............@..@.reloc...D.......F...n..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\msvcr120.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):970912
                                                                                                Entropy (8bit):6.9649735952029515
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                                                                                                MD5:034CCADC1C073E4216E9466B720F9849
                                                                                                SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                                                                                                SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                                                                                                SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S9...XlA.XlA.XlA..A.XlA.XmA.XlAQ..A.ZlAQ..AvXlAQ..A!XlAQ..A.XlAQ..A.XlAQ..A.XlAQ..A.XlARich.XlA........PE..L....|OR.........."!................D............................................... .....@.........................`........R..(....p...................>......d]..@...8...........................H...@............P...............................text............................... ..`.data...4e.......V..................@....idata.......P......................@....rsrc........p.......0..............@..@.reloc..d].......^...4..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\ntprint.inf

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Windows setup INFormation
                                                                                                Category:dropped
                                                                                                Size (bytes):9698
                                                                                                Entropy (8bit):3.8395767056459316
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:jxUPudWfG9sPEd5yVplXhzPGeQ6cGIDGzBs+2o5WcicJXoNaTXy:jyxFeGIDIFXoNT
                                                                                                MD5:6476F7217D9D6372361B9E49D701FB99
                                                                                                SHA1:E1155AB2ACC8A9C9B3C83D1E98F816B84B5E7E25
                                                                                                SHA-256:6135D3C9956A00C22615E53D66085DABBE2FBB93DF7B0CDF5C4F7F7B3829F58B
                                                                                                SHA-512:B27ABD8ED640A72424B662AE5C529CDDA845497DC8BD6B67B0B44AE9CDD5E849F627E1735108B2DF09DD6EF83AD1DE6FAA1AD7A6727B5D7A7985F92A92CA0779
                                                                                                Malicious:false
                                                                                                Preview:..............;. .N.T.P.R.I.N.T...I.N.F. .(.f.o.r. .W.i.n.d.o.w.s. .S.e.r.v.e.r. .2.0.0.3. .f.a.m.i.l.y.).....;.....;. .L.i.s.t. .o.f. .s.u.p.p.o.r.t.e.d. .p.r.i.n.t.e.r.s.,. .m.a.n.u.f.a.c.t.u.r.e.r.s.....;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e.=.".$.W.i.n.d.o.w.s. .N.T.$.".....P.r.o.v.i.d.e.r.=.".M.i.c.r.o.s.o.f.t.".....C.l.a.s.s.G.U.I.D.=.{.4.D.3.6.E.9.7.9.-.E.3.2.5.-.1.1.C.E.-.B.F.C.1.-.0.8.0.0.2.B.E.1.0.3.1.8.}.....C.l.a.s.s.=.P.r.i.n.t.e.r.....C.a.t.a.l.o.g.F.i.l.e.=.n.t.p.r.i.n.t...c.a.t.....D.r.i.v.e.r.I.s.o.l.a.t.i.o.n.=.2.....D.r.i.v.e.r.V.e.r.=.0.6./.2.1./.2.0.0.6.,.6...1...7.6.0.0...1.6.3.8.5.........[.M.a.n.u.f.a.c.t.u.r.e.r.].....".M.i.c.r.o.s.o.f.t.".=.M.i.c.r.o.s.o.f.t.,.N.T.a.m.d.6.4.........[.M.i.c.r.o.s.o.f.t...N.T.a.m.d.6.4.].....".{.D.2.0.E.A.3.7.2.-.D.D.3.5.-.4.9.5.0.-.9.E.D.8.-.A.6.3.3.5.A.F.E.7.9.F.0.}.". .=. .{.D.2.0.E.A.3.7.2.-.D.D.3.5.-.4.9.5.0.-.9.E.D.8.-.A.6.3.3.5.A.F.E.7.9.F.0.}.,. .{.D.2.0.E.A.3.7.2.-.D.D.3.5.-.4.9.5.0.-.9.E.D.8.-.A.6.3.3.5.A.F.

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\printer.ico

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:MS Windows icon resource - 6 icons, 32x32, 4 bits/pixel, 16x16, 4 bits/pixel
                                                                                                Category:dropped
                                                                                                Size (bytes):10134
                                                                                                Entropy (8bit):5.364629779133003
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:75LkqDCmLVf89uqywWrvNCB4isySOc3AOv2B+YT1/44tuU+3:1OmLVf4dErvNCB5tSOc3AY2BP944g
                                                                                                MD5:6F70BD62A17EC5B677EC1129F594EE6F
                                                                                                SHA1:4FB95EB83A99C0DA62919C34886B0A3667F3911E
                                                                                                SHA-256:FC8570D50C1773A1B34AA4E31143FD0776E26FF032EE3EEB6DB8BFAB42B4A846
                                                                                                SHA-512:615A7E8738B2CF1BC47C8D5FC1357C1299080D0BAA1E54129D0DEBDB6BA60CD366364BE0BDAFDABCBA60F16544B0516A50B4B0182E8BCF01F59171003CE9B244
                                                                                                Malicious:false
                                                                                                Preview:...... ..........f...........(...N... ..........v...........h....... .... ............... .h....#..(... ...@.....................................................................................................................................................x..............wx.............ww.............ww.x...........ww.xx..........ww.wxx..........w.wwxx...........wwwxx..........xwwwxx..........xwwwx...........xwww..x.........xww.wx.x........xw.wwwx.x.......x.w|.x.x.x........z.x.ww..x......x.x.ww....x......x..w....x.x......x.....p.x........x................x....................p................................p..........................................................................................................................................................................................................?...........?............(....... ..........................................................................................................x......w......w.x......wx.....wwx.....w

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppd.gpd

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):17415
                                                                                                Entropy (8bit):4.618177193109944
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:U1EQCr2g2t2g2F2s2J2m2p2z2ZOgoNJUTIZah25Dy:3oLILwfcV86ZO3eTIZzy
                                                                                                MD5:8EE7FD65170ED9BD408E0C821171B62A
                                                                                                SHA1:9D14A87A049C3B576CEC4B28210F0C95B94E08E0
                                                                                                SHA-256:EE1E4D9869188CC3FA518C445ECF071845E5BD8BE56767A9F7F7DD3ACE294BA5
                                                                                                SHA-512:5740AB3545D2217BA2156C58BA9AF6681D73116AB5DFBEAA5AB615D9CD0C77716C25865E67188E9D7892B340776755D4CBB1A3E98FAEAF8B6BB4B2CCA00D8AE6
                                                                                                Malicious:false
                                                                                                Preview:*GPDSpecVersion: "1.0"..*GPDFileVersion: "1.0"..*GPDFileName: "***.GPD"..*Include: "STDNAMES_VPD.GPD"..*ModelName: "****"..*MasterUnits: PAIR(40800, 117600)..*ResourceDLL: "UNIRES_VPD.DLL"..*PrinterType: PAGE..*MaxCopies: 99....*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "".. }.. }.. *Option: LANDSCAPE_CC270.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: AUTO...*Option: AUTO.. {.. *rcNameID: =AUTO_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "".. }.. }.. *Option: CASSETTE.. {.. *rcNameID:

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppd.ini

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):41
                                                                                                Entropy (8bit):4.479503224130278
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:z8ANyq3jII7Vc:z8cy2lc
                                                                                                MD5:035B163A3E4C308F617C05E0137FAFD0
                                                                                                SHA1:484238C9C05805F1CA5A97FA58950253B7F9FCBE
                                                                                                SHA-256:00CA9230DBAC7FF222CA837AA796496FF4B9B15E0552D3D5AD26B040E2BAB8D7
                                                                                                SHA-512:3EB65CF86C3C71944C8100F90C60604DB4EA69CB187F8E473601845EB4520148CF3779762EF997DC5C14FE8A2269B928448DDF0338A4F172C0460FA0D6F29798
                                                                                                Malicious:false
                                                                                                Preview:[OEMFiles] ..OEMConfigFile1=rppdui.dll ..

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppd.lng

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):98650
                                                                                                Entropy (8bit):4.192473934109759
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:5rENOwVRq6rZmor3CmRxhESLGZ0s1JP2PY6rZIshvwmE2uJJ6rZqDJK1YRo6rZGx:S9miFao0WDn
                                                                                                MD5:1614E6CDF119FD284D476F7E6723B3AD
                                                                                                SHA1:3FF9164C9E5FC47169CC1C6EECA22AAB099F2EA3
                                                                                                SHA-256:C8DF350F95FFEEED30060092DC8666EADCE040A4DDCB98E7A9293F87D19387A8
                                                                                                SHA-512:8FBCB156B2F9637BC15FA71758A361CB2500F5A19875EE6BE2B52FC3171C38353A6CDC623E36777D052E0B319C7AF934D2D1DBE92E69666C9B9AD749610BA471
                                                                                                Malicious:false
                                                                                                Preview:..[.E.n.g.l.i.s.h.].....L.a.n.g.I.D.=.1.0.3.3.....;. .l.o.o.k. .f.o.r. .l.a.n.g.u.a.g.e. .i.d.e.n.t.i.f.i.e.r.s. .i.n. .M.S.D.N. .-. .'.T.a.b.l.e. .o.f. .L.a.n.g.u.a.g.e. .I.d.e.n.t.i.f.i.e.r.s.'. .t.o.p.i.c.........;. .S.T.A.N.D.A.R.D. .D.I.A.L.O.G. .B.U.T.T.O.N.S.:.........1.=.O.K.....2.=.C.a.n.c.e.l.........;. .P.R.I.N.T.I.N.G. .P.R.E.F.E.R.E.N.C.E.S.:.........;. .C.o.m.m.o.n. .s.t.r.i.n.g.s.....;. .b.i.t.s. .p.e.r. .p.i.x.e.l.....5.0.0.0. .=. .1. .b.i.t. .-. .b.l.a.c.k. .a.n.d. .w.h.i.t.e.....5.0.0.1. .=. .4. .b.i.t.s. .-. .1.6. .c.o.l.o.r.s.....5.0.0.2. .=. .8. .b.i.t.s. .-. .2.5.6. .c.o.l.o.r.s.....5.0.0.3. .=. .2.4. .b.i.t.s. .-. .t.r.u.e. .c.o.l.o.r.........;. .C.o.m.p.r.e.s.s.i.o.n.....5.0.0.4. .=. .N.o.n.e.....5.0.0.5. .=. .A.u.t.o.m.a.t.i.c.....5.0.0.6. .=. .C.C.I.T.T. .m.o.d.i.f.i.e.d. .H.u.f.f.m.a.n. .R.L.E.....5.0.0.7. .=. .C.C.I.T.T. .G.r.o.u.p. .3. .f.a.x. .e.n.c.o.d.i.n.g.....5.0.0.8. .=. .C.C.I.T.T. .G.r.o.u.p. .4. .f.a.x. .e.n.c.o.d.i.n.g.....5.0.0.9. .=. .L.e.m.p.e.

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppdpm.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):33600
                                                                                                Entropy (8bit):6.281064018328684
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:az2vV5RqtDcvnyQW7I+Ud26uiGKjzAVQjXzPishb8pe+7mNwSumexmMK6jcy:hgo7WcDGuB3Upe2m9uZxBKg3
                                                                                                MD5:BED53AB8B9E406D1A8D6A85924E44282
                                                                                                SHA1:19628BD3DE2BEF0EDC3622E4A7184162BD979040
                                                                                                SHA-256:E5A10A74CFC36A4DCFCC9B25573B92A37B55062153EF9120B93154DB5792B3DA
                                                                                                SHA-512:6F5C6945B0A982E8C94A826685158286D16173F51B10FDF1F5B9F4F93562240736A09B5F0997E995C0AF07360BACD51FA46CB8E4A3FA319519F3727FF87613E7
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 2%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......pZ.Y4;..4;..4;...4..:;..=C'.<;..=C6.9;..4;...;..=C!.7;..=C .5;..=C1.q;......5;..=C&.5;..=C#.5;..Rich4;..........PE..L...,4.\...........!.....F...........D.......`......................................a.....@.........................pU..W....M.......p...............d..@...........................................(...@...............t............................text....E.......F.................. ..`.data...\....`.......J..............@....rsrc........p.......P..............@..@.reloc...............T..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppdui.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):159552
                                                                                                Entropy (8bit):6.178643199247813
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:VYM7lLXShoSAJzKb9P+K61JJBsJgTcqTIbMNZ3mo+aGh1G:77tK+K61vBsJKcq0bMNZPXP
                                                                                                MD5:F0A9D47D76E68883F04E60599EADAE6D
                                                                                                SHA1:8F7BB6B9E9CB70529FA4C442ABF507A2F546E6E3
                                                                                                SHA-256:2FAB0969C6E131834496428779A0809B97981F3E8D6FBF8A59632CB2DF783687
                                                                                                SHA-512:18BBD1A3899C6B2F361BFA575D50D7DA29EAEF0E1C7CB50B318CECFE3150F268C1CDF30FEB5246B9F9B5D7FE36BD4A268E06595D9D3F3D86D933F14F5C43AD43
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........\.q.\.q.\.q..h..].q....._.q.....P.q.....X.q.....T.q.U...].q.\.p..q.U...K.q..V..V.q..V..D.q..V..].q.Q...].q.\...].q..V..].q.Rich\.q.........PE..L....3.\...........!.....L...N.......0.......`......................................k.....@.........................P...l...............(............P..@.......< ...................................z..@............`...............................text....J.......L.................. ..`.rdata...B...`...D...P..............@..@.data....\..........................@....rsrc...(...........................@..@.reloc..< ......."..................@..B........................................................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\setupdrv.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):87360
                                                                                                Entropy (8bit):6.424955012685773
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:df1NQOOvFdve0e0ZIMhn9nA2LYK7ZOgkg6znnLnx9Inz1:/Adve07RnlhRN6znDQx
                                                                                                MD5:66C5F108A058B515BBDDE628384990C9
                                                                                                SHA1:0FBADFC5106056DFD269DF5EA532F69556CAE68F
                                                                                                SHA-256:8D596D33CC3962B33B46D361BBC44A8088F18C09949734F3DEC54828372426AE
                                                                                                SHA-512:6060EF07244385516989DF3AAD1C01E9F93B7B45A247D8D70FC5BE7A62BA96BFD22F80F0C78D178443D38796A2C7148CD3ADF4EB1A5FC430DFF5BB393492901E
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........G..&...&...&....^..&...wF..&...wy..&...wD..&...wx..&...^...&...&..0&..$.|..&...tB..&...&...&..$.G..&..Rich.&..........PE..L...$4.\.....................n....................@..........................p.......C....@.................................d........@..x............6..@....P..........8...........................P...@............................................text............................... ..`.rdata...F.......H..................@..@.data...p....0......................@....rsrc........@......................@..@.reloc.......P....... ..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\stdnames_vpd.gpd

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):14366
                                                                                                Entropy (8bit):4.1817849062232195
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:NjThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:yFzOnS7z0
                                                                                                MD5:7162D8977515A446D2C1E139DA59DED5
                                                                                                SHA1:952F696C463B8410B1FA93A3B2B6DAE416A81867
                                                                                                SHA-256:2835A439C6AE22074BC3372491CB71E6C2B72D0C87AE3EEE6065C6CAADF1E5C8
                                                                                                SHA-512:508F7CA3D4BC298534AB058F182755851051684F8D53306011F03875804C95E427428BD425DD13633EEC79748BB64E78AAD43E75B70CC5A3F0F4E6696DBB6D8E
                                                                                                Malicious:false
                                                                                                Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires_vpd.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unidrv_rppd.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):383296
                                                                                                Entropy (8bit):6.650287803080611
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:yplBo/TK5C+psQzJzCSX6hjg+4GRr3CoA7f3j5G+hinZ5P31uGX7Zum8oyk7lATI:O0/djgEUhWnJ2UlxqOttoICvPn/318Sm
                                                                                                MD5:C3F39388BD4E6763F9734BC617388A17
                                                                                                SHA1:AF5B4753F99C3F115294662876D7191DC8652786
                                                                                                SHA-256:4D1F6A595889165B6A14B68D848C639748C9750C165BB4515CA3C3C67B4BA462
                                                                                                SHA-512:BD8D00461E65F156686B0FC799926897845900F072F7AC10B66387E041CC7D3810ADBFB0137E9EA7B24995A11D324707D9E0FCD699D36E62ED089F46CC5ABA58
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w...3g..3g..3g..:.;.4g..3g...g..:.=.8g..:.<.2g..:.-..g..:.*.sg.....2g..:.:.2g..:.?.2g..Rich3g..........................PE..L...$.[J...........!................-..............m................................Z!....@....................................x.......................@...............8............................t..@.......|.......`............................text...k........................... ..`.data...............................@....rsrc...............................@..@.reloc..............................@..Bo.[J8...K.[JC.....[JP.....[J].....[Jg.....[Jq...........msvcrt.dll.WINSPOOL.DRV.KERNEL32.dll.NTDLL.DLL.ole32.dll.GDI32.dll..............................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unidrv_rppd.hlp

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:MS Windows 3.1 help, Tue Apr 17 13:11:56 2001, 21225 bytes
                                                                                                Category:dropped
                                                                                                Size (bytes):21225
                                                                                                Entropy (8bit):3.9923245636306675
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:g8qo9MqLEGX9WkaNWvbAsmrEGckkwy95/HLQdu:g8rMqLwkW8AsqEHkkwy7N
                                                                                                MD5:6798F64959C913673BD66CD4E47F4A65
                                                                                                SHA1:C50FAA64C8267AC7106401E69DA5C15FC3F2034C
                                                                                                SHA-256:0C02B226BE4E7397F8C98799E58B0A512515E462CCDAAC04EDC10E3E1091C011
                                                                                                SHA-512:8D208306B6D0F892A2F16F8070A89D8EDB968589896CB70CF46F43BF4BEFB7C4CA6A278C35FE8A2685CC784505EFB77C32B0AABF80D13BCC0D10A39AE8AFB55A
                                                                                                Malicious:false
                                                                                                Preview:?_...........R..r...i.....(),.aabo.utadvanc.edAllows.andareas.assigned.availabl.ebebookl.etc-.hang.e..racter@Clickc. o.de..sColo.rc.0..scon.taindefa.ultdepth.directlyi.0or..sh..PD.isplaysd.ocument.P.sdraftse.n, ex..nal.featuref.ilesfl.....PrFor..m..-.to-trayf.romgraph$ic.@sh@.to.neH.@dhig.herIfima.gesininE..atio..sta.ll.@..itLe.t..Listsl.o..*.nualm.em..meta..2mS.tM!...enhoto..Oy.w.o.per\.ngop.timizh ...@.nsor..p.......spa3.Pri.ntp.0..ed.0..0er.@-spe.cific.@s1 .m.q..ityQ.0.relaB.RET.k.ghseese.l..edsets.oftSomes0ourc}.P ed.S.@sb.'.poo...gsuchsu.pporttak.est..tha...eT..'.oTo...TrueType...l.usevie@wWhenw. e.1.rw..hwil.lyouyour.;bynewof.fs/...&....;)....z4..............................N.......|CF0.lR..|CF1..R..|CF2..R..|CF4..R..|CF5..R..|CONTEXT..)..|CTXOMAP.. ..|FONT.. ..|Petra..2..|PhrImage.....|PhrIndex.....|SYSTEM.2...|TOPIC.....|TTLBTREE..!..|TopicId.=J.......................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unidrvui_rppd.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):755520
                                                                                                Entropy (8bit):6.198681499104638
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:IlIoM3g2e9Bg7Lg3yfKDPc97QpAxuKdwSGnZGxn:IvM36KkyCLW7QCwSGon
                                                                                                MD5:0822EE0FF996BEB2B31EBBDD6449231B
                                                                                                SHA1:7DF7F4978F3C4728CAEF9F95C6EB6C0D8CF8FDAC
                                                                                                SHA-256:D727150FA7853748655E9CAA9F19F633E33BD191284703D6609984A64CB39CAB
                                                                                                SHA-512:A47D25901FAD0507167E241350EC12C8D545F3F932E1B44E5F167A82263BCB97DA06B09454E8DE815EFC445088F2B1011028C3EAE5BF3F55FACAA3D9EC082815
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."..wf..$f..$f..$o.%$n..$f..$...$o.#$u..$o.3$8..$o."$g..$o.4$...$AZ.$g..$o.$$g..$o.!$g..$Richf..$................PE..L......L...........!.....2...2......e........@....(p.....................................@.............................{....3.......p...............h..@....`...0...@..8...............................@............................................text...E1.......2.................. ..`.data........P.......6..............@....rsrc........p.......T..............@..@.reloc...0...`...2...6..............@..B..LX......Lc...o..Ln...&..Lx.....L....n..L....%..L....K..L.......L....r..L............msvcrt.dll.RPCRT4.dll.ole32.dll.USER32.dll.KERNEL32.dll.NTDLL.DLL.VERSION.dll.WINSPOOL.DRV.GDI32.dll.OLEAUT32.dll.......................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unires_vpd.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):770368
                                                                                                Entropy (8bit):5.629918098777896
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:tkoGBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLC:LGBEGbL4Np84TQazCSiRC
                                                                                                MD5:385152D096A96D1966C1042EDE38114F
                                                                                                SHA1:A42D0587A2BF156C3F757778397A2E7AC8122E3C
                                                                                                SHA-256:5A22FE5AF587540A9840E4F2A515564A2478DDA47AC1C81B687AC2F59C4C2FD0
                                                                                                SHA-512:483E8819C6C5C1BCF725A4D6513364A5EE054E1D9100A8F42FFD2DBBFD52910CCA8E6DAF4435103C75AA2EBCA5A608BCC76EE6C531EA67C723267D9445D40256
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........u..E...E...E...Ll..D...Ll..D...RichE...................PE..L......L...........!..............................@.......................................@............................................................@............................................................................................rsrc...............................@..@........................................................0...8.......P.......................@...........................................r.......s...x...t...8...u.......v.......w...0...x.......y...........(...............................X.......(...............................h...............P....................................................................................................... .......8.......P.......h............................................................................................... .......0...

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\vccorlib120.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):247984
                                                                                                Entropy (8bit):6.601853231729306
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:+SsS5fv6EATwqlGwyfDyodYI3ZubfW5nb2PQuW0x:+I5fv6EATwqlGwyfDyodYI3Zv1C
                                                                                                MD5:69837E50C50561A083A72A5F8EA1F6A2
                                                                                                SHA1:1A4B4C6C3CB6A5164CC1018AC72D0300455B3D8F
                                                                                                SHA-256:9C9D4E421C55F7EF4E455E75B58A6639428CCD75C76E5717F448AFE4C21C52BC
                                                                                                SHA-512:FD20C6B4EEC972C775681AD7322769D5074108D730727051EF77D779A277D77B12419E1FEE1E2EC0CF376A235573A85AD37975245DBF078DE467953AFD02164A
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0p..Q..Q..Q..)..Q......Q......Q......Q......Q..P...Q..Q...Q......Q......Q......Q......Q..Rich.Q..........PE..L....OR.........."!.................4...............................................:....@.............................e=...A.......`...................>...p...R..0................................/..@............@...............................text............................... ..`.data...xp.......n..................@....idata.......@......."..............@..@minATL.......P.......0..............@..@.rsrc........`.......2..............@..@.reloc...R...p...T...6..............@..B........................................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\eventmsg.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):59144
                                                                                                Entropy (8bit):6.584653317811251
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:iDb11m1u0/h46F5BHk++oJAj7kqMJSxk2T1DAMxkE9xu:iVl6hzk++oJY7ku7Fx5xu
                                                                                                MD5:6610A420C60C420FDE9394F651DE6B92
                                                                                                SHA1:10AFEF408D37A5B35FF9F72E22AC576077051C4C
                                                                                                SHA-256:A80225CF40C2824327D50601AE067383DD53D45FDF0E2C064408E7F3EEF6D891
                                                                                                SHA-512:F37AA430D61E966CEDFAE955C1315F17FF648BB18405B3B066325A8564AD7F9E916960B2F08D8748D6848530655C97F97C421250269210438A63CEA56E1F3D26
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....J.f...........!.........(....................@..........................`............@.......................... ..q.......n....P.................../...@..@...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..q.... ......................@..@.rdata..E....0......................@..@.reloc..@....@......................@..B.rsrc........P......................@..@.............`......................@..@........................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\libasset32.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):9223040
                                                                                                Entropy (8bit):6.35557334290542
                                                                                                Encrypted:false
                                                                                                SSDEEP:196608:hL7NqnDg0293wsNAXayRDfxihAYOjPTJ3kx+q8ZJPyv1wKl3bc2EeJUO9WLcb0A:blOJDm13rc2EeJUO9WLcb7
                                                                                                MD5:1DF0C01B671AC516A8972159F60B0A6E
                                                                                                SHA1:8DFD81B98B73BF1435C5906E7774FD1A7F693080
                                                                                                SHA-256:7556D3A559D6967CE35BC8646D0A285E5ED5C3936D8D9709572C2BCEEB2AAB36
                                                                                                SHA-512:5888C4DA7A4A48E5361B2512CE41CE9A5285BE18A4CA4F61FB9D73432B7FA5F27EA178F4641BEB69CFF24C59A994CA0F691D6F517DC9D084086020E7B143C842
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F.f..i.t......!...*.~G...e..0............G...(m..........................j...........@... ......................Pc......`c.0"....c.............x..../....c............................`.S.....................|ec..............................text....}G......~G.................`..`.data...,o....G..p....G.............@....rdata........H..0....G.............@..@/4...........0U......$U.............@..@.bss......... c..........................edata.......Pc.......c.............@..@.idata..0"...`c..$....c.............@....CRT....0.....c......8c.............@....tls..........c......:c.............@....rsrc.........c......<c.............@..@.reloc.......c......@c.............@..B/14..........`f.......e.............@..B/29..........pf.......e.............@..B/41......b...0h..d....g.............@..B/55...........h.......g.............@..B/67..........`i.......h.

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\libcodec32.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):7137640
                                                                                                Entropy (8bit):6.4815212793407
                                                                                                Encrypted:false
                                                                                                SSDEEP:98304:ORE7yGktThDyt6666666666666666666666666666666x666666666666666fwwk:oGktThD0TGh/fTCRwlRvZG3XYBVXl
                                                                                                MD5:E9D7061F35A74AFA8699D9BC6F5474B6
                                                                                                SHA1:10720488700E8FFE252A3F8FB8E4D20B3C4CF176
                                                                                                SHA-256:AFEF8E83303E7D7EDE74E5FEA19C22BFE3C66E3EF3B2A6A24FFE7484B1CCD99D
                                                                                                SHA-512:457A47D7C44B8461E5FBFF3C60B99EABE8A11894A115D84A411498F5AF3B69E50E06803EB6265F48DCE70FAB60E0D4EC34B954704B8792C53B6E5DA01DAB1717
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F.f..T.i......!...*.(E..*Q..:...........@E...0g..........................U.....?<m...@... ......................`P......pP.......P.............`.l../....P..#...........................FH......................rP.L............................text...`.E.......E.................`..`.rodata.@....0E......$E............. ..`.data...,(...@E..*....E.............@....rdata.......pE......XE.............@..@/4......L.....I.......H.............@..@.bss....X9... P..........................edata.......`P.......O.............@..@.idata.......pP.......O.............@....CRT....0.....P.......P.............@....tls..........P.......P.............@....rsrc.........P.......P.............@..@.reloc...#....P..$....P.............@..B/14...........Q......:Q.............@..B/29...........Q......BQ.............@..B/41......Y....S..Z....R.............@..B/55...........S......(S.

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):11149576
                                                                                                Entropy (8bit):6.74436572838992
                                                                                                Encrypted:false
                                                                                                SSDEEP:98304:HxTsm8lfvWDu+j3eDBpsx1t1HnnCXLcrIEYXJ2WWHOHOBO3/c:HlpSf8TJxdHnnCb6IXXDWHlw3/c
                                                                                                MD5:2F0D3D1ABD463AC64AA4E743B50AA055
                                                                                                SHA1:8E782DD229D0A7B19CA99219A974D740D85A9A96
                                                                                                SHA-256:499607E5C62078C00107BD08610441143D9E447916DC20596A068BA01149314E
                                                                                                SHA-512:B8AF8897C420ED3EA329C1CCE8E8359C2CF58BED4B41929E965E576D66B0F75428D67D1633D6C2C960C4242C5EEDE8C7E6E4C4E909327ED95BB77800B1216D92
                                                                                                Malicious:true
                                                                                                Yara Hits:
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe, Author: Joe Security
                                                                                                • Rule: MALWARE_Win_RemoteUtilitiesRAT, Description: RemoteUtilitiesRAT RAT payload, Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe, Author: ditekSHen
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 26%
                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....H.f.................f....#......w............@.......................................@......@.............................RX...`................./.......u....................................................t....0...w...................text............................... ..`.itext...X... ...Z.................. ..`.data...H............j..............@....bss.....................................idata..RX......Z..................@....didata..w...0...x...R..............@....edata.............................@..@.tls....h................................rdata..].........................@..@.reloc...u.......v.................@..B.rsrc.......`.......D..............@..@....................................@..@................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):21972744
                                                                                                Entropy (8bit):6.6265434909735195
                                                                                                Encrypted:false
                                                                                                SSDEEP:196608:s0vHlMP8Powlcy5updJK3JwwRZOJK09yxazoTklsWndb4EyNSgQuKTreDv6m3RKl:tvH88Powyy5Ua8K09yxefdb4NBRa
                                                                                                MD5:4251BB135CC9A31DD42F0BE1FBC30A86
                                                                                                SHA1:E8136675E22D5702DA6C9095384AD0B0035689F7
                                                                                                SHA-256:E3742D88B1B74E80C1F144387904F3DD7544E7AE4C291D91943A1B4B91DB77AE
                                                                                                SHA-512:5B09ADFD8829A4F59488C43B8C32CE608F0F050F7B2E7D469940AF616FC9503524CED14063B0FDD0EC4E70262473E6A056D60935370F443381768CDFCD755E2C
                                                                                                Malicious:true
                                                                                                Yara Hits:
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe, Author: Joe Security
                                                                                                • Rule: MALWARE_Win_RemoteUtilitiesRAT, Description: RemoteUtilitiesRAT RAT payload, Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe, Author: ditekSHen
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 26%
                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...|H.f.....................|U...................@...........................[......'P...@......@...................`.......`..$b...P!..9:...........O../......l....................................................p..........:....................text............................... ..`.itext............................. ..`.data...............................@....bss.........P...........................idata..$b...`...d...4..............@....didata.:...........................@....edata.......`.......$..............@..@.tls....h....p...........................rdata..]............&..............@..@.reloc..l............(..............@..B.rsrc....9:..P!..::.................@..@.............PG.......:.............@..@................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\vp8decoder.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):388696
                                                                                                Entropy (8bit):6.639766301981685
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:YIIDyjBnydesbWoiwS7dVIclCzoqHO/gCaEkkH8TuX6RTrWD4siZMZ+LG4IPWwc8:YI8tiDOzyH9H8Tu6h04fZMZoMPuvfj0h
                                                                                                MD5:E247666CDEA63DA5A95AEBC135908207
                                                                                                SHA1:4642F6C3973C41B7D1C9A73111A26C2D7AC9C392
                                                                                                SHA-256:B419ED0374E3789B4F83D4AF601F796D958E366562A0AAEA5D2F81E82ABDCF33
                                                                                                SHA-512:06DA11E694D5229783CFB058DCD04D855A1D0758BEEAA97BCD886702A1502D0BF542E7890AA8F2E401BE36CCF70376B5C091A5D328BB1ABE738BC0798AB98A54
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................g......"............#.O...T8.....T8..................T8.....'....................Rich............................PE..L...v..T...........!..... ...........2.......0......................................A...............................@q.......q..........................X........(...1..8............................U..@............0...............................text............ .................. ..`.rdata...J...0...L...$..............@..@.data...H>...........p..............@....rodata.............................@..@.rsrc...............................@..@.reloc...(.......*..................@..B........................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\vp8encoder.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):1640536
                                                                                                Entropy (8bit):6.686577023894573
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:OSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSvSSSSSSSSSSSSSSSlwwwwwwwwwwwwww3:OSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSZ
                                                                                                MD5:D5C2A6AC30E76B7C9B55ADF1FE5C1E4A
                                                                                                SHA1:3D841EB48D1A32B511611D4B9E6EED71E2C373EE
                                                                                                SHA-256:11C7004851E6E6624158990DC8ABE3AA517BCAB708364D469589AD0CA3DBA428
                                                                                                SHA-512:3C1C7FB535E779AC6C0D5AEF2D4E9239F1C27136468738A0BD8587F91B99365A38808BE31380BE98FD74063D266654A6AC2C2E88861A3FE314A95F1296699E1D
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........:J<A[$oA[$oA[$o...o@[$o...o.[$o...op[$o...o.[$o...oC[$o...oL[$oA[%o.[$oA[$op[$o...o@[$oL..o.[$oL..o@[$oL..o@[$oL..o@[$oRichA[$o................PE..L...}..T...........!.........>.......*..............................................5.......................................(............7..............X..............................................@............................................text............................... ..`.rdata..............................@..@.data...$r......."..................@....rodata.............................@..@.rsrc....7.......8...0..............@..@.reloc..............h..............@..B................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\webmmux.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):265816
                                                                                                Entropy (8bit):6.521007214956242
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:MW218gr7s2yIHB0pTPdTX9zUbEbStE97zjAs1RtTcJTfIv0se7POWu/HgsGU1VTl:MWSfr7sXSmPDbKPJ6/AsNk+1x
                                                                                                MD5:49C51ACE274D7DB13CAA533880869A4A
                                                                                                SHA1:B539ED2F1A15E2D4E5C933611D736E0C317B8313
                                                                                                SHA-256:1D6407D7C7FFD2642EA7F97C86100514E8E44F58FF522475CB42BCC43A1B172B
                                                                                                SHA-512:13440009E2F63078DCE466BF2FE54C60FEB6CEDEED6E9E6FC592189C50B0780543C936786B7051311089F39E9E3CCB67F705C54781C4CAE6D3A8007998BEFBF6
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........@~..!..!..!...p...!...p..!...p..+!..M...!..M...!..!...!..M...!..s..!..s..!..s..!..s..!..Rich.!..................PE..L...{..T...........!.........N.......k.......................................0..............................................4...x.......................X......../..................................Ha..@...............l............................text............................... ..`.rdata..v...........................@..@.data....B......."..................@....rsrc...............................@..@.reloc.../.......0..................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\webmvorbisdecoder.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):373336
                                                                                                Entropy (8bit):6.7704943019914845
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:faoH9sDRlDLD0GDkEp00tc6TKUOmrRK1jRsAOO04sAO88RtOd:noPH0GgEp0gVd1ValsQXsHOd
                                                                                                MD5:EDA07083AF5B6608CB5B7C305D787842
                                                                                                SHA1:D1703C23522D285A3CCDAF7BA2EB837D40608867
                                                                                                SHA-256:C4683EB09D65D692CA347C0C21F72B086BD2FAF733B13234F3A6B28444457D7D
                                                                                                SHA-512:BE5879621D544C4E2C4B0A5DB3D93720623E89E841B2982C7F6C99BA58D30167E0DD591A12048ED045F19EC45877AA2EF631B301B903517EFFA17579C4B7C401
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Mm..,...,...,...}...,...}...,...}...,.......,.......,...,..,.......,...~...,...~...,...~...,...~...,..Rich.,..........................PE..L...t..T...........!................b.....................................................@..........................M......@N..d.......0...............X.......d&..................................p/..@...............T............................text...=........................... ..`.rdata...E.......F..................@..@.data...|<...`.......H..............@..._RDATA...............d..............@..@.rsrc...0............j..............@..@.reloc..d&.......(...n..............@..B........................................................................................................................................................................................................................................................

                                                                                                C:\Program Files (x86)\Remote Manipulator System - Host\webmvorbisencoder.dll

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):880216
                                                                                                Entropy (8bit):5.239371133407635
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:vTAPYZEyRr+NDnaLyx2lz8MSjtX08pYRc29qcQmsGahsQZsbRN9S:YYF+Eyx2lzujtEIYRc1cQmsGa7ON9S
                                                                                                MD5:642DC7E57F0C962B9DB4C8FB346BC5A7
                                                                                                SHA1:ACEE24383B846F7D12521228D69135E5704546F6
                                                                                                SHA-256:63B4B5DB4A96A8ABEC82B64034F482B433CD4168C960307AC5CC66D2FBF67EDE
                                                                                                SHA-512:FB163A0CE4E3AD0B0A337F5617A7BF59070DF05CC433B6463384E8687AF3EDC197E447609A0D86FE25BA3EE2717FD470F2620A8FC3A2998A7C3B3A40530D0BAE
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A....u...u...u..C$G.3u..C$y.Iu..C$x..u...V..u...S..u...u..ju...H..u...'}.&u...'D..u...'C..u...'F..u..Rich.u..........................PE..L...s..T...........!.........R..............0......................................:W....@.........................`...........d....P..p............R..X....`...D......................................@............0..T............................text...}........................... ..`.rdata.......0......."..............@..@.data...|<..........................@..._RDATA.......@......................@..@.rsrc...p....P......................@..@.reloc...D...`...F..................@..B........................................................................................................................................................................................................................................................

                                                                                                C:\ProgramData\Microsoft\Network\Downloader\edb.chk

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):8192
                                                                                                Entropy (8bit):0.35901589905449205
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:6xboaaD0JOCEfMuaaD0JOCEfMKQmDkxboaaD0JOCEfMuaaD0JOCEfMKQmD:ZaaD0JcaaD0JwQQnaaD0JcaaD0JwQQ
                                                                                                MD5:7D48941DB05D2D1C9A0C52739933543F
                                                                                                SHA1:4FF1446A7D5DA6BBEA145000B00A9F4FFED90930
                                                                                                SHA-256:C436AB7F36E238365FDDF5BDFEB9EBFEFACE94AD0FEB79C571182DA968815D87
                                                                                                SHA-512:41C7DA95797437840014733F7021883E034503A9D8F07F7C9A0B1131A869A29A6E00D4E9FA99EEDAFBDD2F0DFDAFFB0A7671D8F666DA0E2023CA887E4BA0FB62
                                                                                                Malicious:false
                                                                                                Preview:*.>...........f.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................f.............................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):1310720
                                                                                                Entropy (8bit):0.7107431621466558
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:2JPJJ5JdihkWB/U7mWz0FujGRFDp3w+INKEbx9jzW9KHSjoN2jucfh11AoYQ6Vqw:2JIB/wUKUKQncEmYRTwh0M
                                                                                                MD5:35187E4A085530B83F7BAF848262B54A
                                                                                                SHA1:74A9214BF089B30A894482788D8C661E98EF71C9
                                                                                                SHA-256:0677912EE1C05BF14C4ACF4AC9B4CE280650BEEEA1AAA55B83996C333F6B394D
                                                                                                SHA-512:EE4F3478871B1E86545368CC4ACA232450CA4822A6040DDBA7997B816F0F8452801621F37D0F90EF19A360CB30EBE26FA938FB6A4CB36090EE9D67EE6F3B0C63
                                                                                                Malicious:false
                                                                                                Preview:...........@..@.+...{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.................................u.f!.Lz3.#.........`h.................h.......0.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                                                                C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                File Type:Extensible storage engine DataBase, version 0x620, checksum 0xa3735c0b, page size 16384, Windows version 10.0
                                                                                                Category:dropped
                                                                                                Size (bytes):1310720
                                                                                                Entropy (8bit):0.6651282372700069
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:VSB2ESB2SSjlK/2502y0IEWBqbMo5g5+Ykr3g16z2UPkLk+kK+UJ8xUJSSiWjFjF:VazaU+uroc2U5Si6
                                                                                                MD5:202274806479363C1FDFF7CCD9823BD1
                                                                                                SHA1:5E00109CB7002A37479293D739E937CAFD47FBFA
                                                                                                SHA-256:041C9BB088DBA150EA9CE0511FBA38E57DC71D4C9E903FF72DA079F263D91726
                                                                                                SHA-512:D91C74CB5D9D95A68C440D71E63CC2156859961D5594053C8A9BA254F104BF73F05F3E5904BC694B37E7D6296E9A45BB15B4EFE384A85E92E7E8642D692AD3C1
                                                                                                Malicious:false
                                                                                                Preview:.s\.... .......#.......X\...;...{......................0.e.....(6...|..03...|..h.b.....(6...|..0.e.........D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............................................................................................................................................................................................................2...{...................................l*U(6...|..................X.CB(6...|...........................#......0.e.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):16384
                                                                                                Entropy (8bit):0.08083224723898716
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:B/tOetYeit4vZ8NX6lXJZ2+tl72lXollkqqG9lXlZOS:B1rzg4BcX6lZZ1L2lIVr
                                                                                                MD5:89F3658A91682E6764D77E957CCAC328
                                                                                                SHA1:622A6542025F1115AFC3866AC377E435C9144856
                                                                                                SHA-256:93AEF73B9E67466A5084AF276A79D1C974811AE146D298F5962C2DC8B0899877
                                                                                                SHA-512:62454B98623512C6AD40D6C04EC67297F9DB64B8B4B9623D7190DCA0DBDCA103BDFAF1E8535119E1E4600DA6E7FE60D5D13C2F6CC04B7D3782693ED5C2F9B450
                                                                                                Malicious:false
                                                                                                Preview:.Y~.....................................;...{..03...|..(6...|..........(6...|y.(6...|..W.h.(6...|s.................X.CB(6...|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\ProgramData\Remote Manipulator System\Logs\rms_log_2024-10.html

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:HTML document, ASCII text, with CR line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):2190
                                                                                                Entropy (8bit):5.405930420732809
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:SpiroU8xNqcoYERDML6RLi7rNRLigbqNK+27ikdgueptocplJM9:lr0xccoJxML6RLidRLi1o17fg9JM9
                                                                                                MD5:64E71BD6E3D120E096849B8FBE928DF6
                                                                                                SHA1:CB5F1D986D12F4822B1C701A075E9F3AC2854126
                                                                                                SHA-256:0BD6D6290531486B4488387A47E2920181315E1C7363DC810705A4FF02945F7C
                                                                                                SHA-512:321F6DF160E3F7F8D2F6AE1E066117096E7B9BAE8B62EC14E4C66B54D1C7998B6FC7FBC93F9500D61A1CD70C1A5BC5B9E3B3772AEE9A8652D20FF351E7E10A76
                                                                                                Malicious:false
                                                                                                Preview:<head>.<meta http-equiv="content-type" content="text/html; charset=utf-8" />.<meta name="copyright" content="TektonIT" />.<meta name="description" content="Remote Manipulator System - Server software, event log. Tektonit.com" />.<title>RMS &ndash; host log</title>.<style type="text/css">.body {.font-family: Courier New, monospace;.font-size: 100%;.background-color: #FFFFFF;.} .h1 {.font-size: 130%;.margin: 0px 0px 0px 0px;.} .textarea {.display: none;.margin-top: 5px;.width: 100%;.} ..main_table td {.border: 1px dashed #DADADA;.} ..e_l_0 {.background-color: #4c4cff;.border: 1px solid red;.} ..e_l_1 {.background-color: #fff04c;.border: none;.} ..e_l_2 {.background-color: #ffa94c;.border: none;.} ..e_l_3 {.background-color: #fc2727;.border: none;.} .#log_header td {.font-weight: bold;.} .#subheader {.font-size: 70%;.color: #DADADA;.margin-bottom: 10px;.} .</style>.<script language="javascript">.function show_textarea(elem) {.var parent_node = elem.parentNode;.var nodes = parent_node.chil

                                                                                                C:\ProgramData\Remote Manipulator System\eventmsg.dll

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):59144
                                                                                                Entropy (8bit):6.584653317811251
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:iDb11m1u0/h46F5BHk++oJAj7kqMJSxk2T1DAMxkE9xu:iVl6hzk++oJY7ku7Fx5xu
                                                                                                MD5:6610A420C60C420FDE9394F651DE6B92
                                                                                                SHA1:10AFEF408D37A5B35FF9F72E22AC576077051C4C
                                                                                                SHA-256:A80225CF40C2824327D50601AE067383DD53D45FDF0E2C064408E7F3EEF6D891
                                                                                                SHA-512:F37AA430D61E966CEDFAE955C1315F17FF648BB18405B3B066325A8564AD7F9E916960B2F08D8748D6848530655C97F97C421250269210438A63CEA56E1F3D26
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....J.f...........!.........(....................@..........................`............@.......................... ..q.......n....P.................../...@..@...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..q.... ......................@..@.rdata..E....0......................@..@.reloc..@....@......................@..B.rsrc........P......................@..@.............`......................@..@........................................................

                                                                                                C:\ProgramData\Remote Manipulator System\install.log

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):333
                                                                                                Entropy (8bit):5.01636938503212
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:HV9aLmKRL/PV9aLdd/aoCZV9aLhHujHO7eVaZV9aLwmnXjKVCZV9aLOLGeXkRLN2:raftaDSo2a9BekaRTZa6r0C
                                                                                                MD5:F9872086A02298536EF00BCFC8C70BFA
                                                                                                SHA1:7759537CB6B9EA6E5D2BC16C091EDDEB68AA1541
                                                                                                SHA-256:27FCFDD52079AFD7F138B57691E002E2B5CFF2271A5145C4C5D0E3077EFB0E4D
                                                                                                SHA-512:4A6CAC9B6946F8ABC858EB04973F5CEEEF099FB5A100FE8477B7E0ABFFAC9B8634552A2350E6D636F99452DA68A42F9AEDDF03DF7CFC495A837FB0E4BA405F6D
                                                                                                Malicious:false
                                                                                                Preview:29-10-2024_11:52:06#T:SilentInstall: installation 70510..29-10-2024_11:52:06#T:SilentInstall: NTSetPrivilege:SE_DEBUG_NAME:false. OK..29-10-2024_11:52:06#T:SilentInstall: OpenService: service not found_1. OK..29-10-2024_11:52:06#T:SilentInstall: CreateService. OK..29-10-2024_11:52:06#T:SilentInstall: finished (installation) 70510..

                                                                                                C:\ProgramData\Remote Manipulator System\msi\70510_{827D98D4-CA0D-43D0-8133-225659FBBC61}\winrar.msi

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe
                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: RMS - Host 7.5, Comments: This installer contains the logic and data to install RMS - Host 7.5, Keywords: Installer,MSI,Database, Subject: RMS - Host 7.5, Author: TektonIT, Ter-Osipov A.V., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2021 - Premier Edition with Virtualization Pack 27, Last Saved Time/Date: Fri Sep 20 18:23:47 2024, Create Time/Date: Fri Sep 20 18:23:47 2024, Last Printed: Fri Sep 20 18:23:47 2024, Revision Number: {C457692F-C69F-4EF4-B4C9-3DF451F76F30}, Code page: 1251, Template: Intel;1049
                                                                                                Category:dropped
                                                                                                Size (bytes):27048960
                                                                                                Entropy (8bit):7.926083719323171
                                                                                                Encrypted:false
                                                                                                SSDEEP:393216:0n/UUnsM1J1mFLE15NXZrtu96+cO55sXDqcovKYw9ZSkPfmYJEe78zvNhE:KekLewZFkcO5iDiv5gfmYz
                                                                                                MD5:B4416A1D58BAF007E59F572B5ED0A5A4
                                                                                                SHA1:48F9B1E7E8FA3CD821911AF283A28E0DA7BBF91F
                                                                                                SHA-256:A45A4D586568C3762C7490ACA8EBBD61B226BCF261BE6C6C814796C47234B851
                                                                                                SHA-512:20FD414CEECFF597BD903AC38F5FC93FB3107895D4F20B7403BD5F27FF2FFF7FF8413C86EC460D34256420F8C1E8E4D3FE7FCF4651D19ED57655434B0E11C78B
                                                                                                Malicious:false
                                                                                                Preview:......................>...................................8........6..................}........................................................................................................................................................................................................................................................ ... ...!...!..."..."...#...#...$...$...%...%...&...&...'...'...(...(...)...)...*...*...+...+...,...,...-...-.........../.../...0...0...1...1...2...2...3...3...4...4...5...5..........<................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...A...M...:...;...=...........?...@...T...B...C...D...E...F...G...H...I...J...O...L...N...o.......P...Q...R...U.......&...V...Z...X...Y...#...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                                                C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):999
                                                                                                Entropy (8bit):4.966299883488245
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:Jd4T7gw4TchTGBLtKEHcHGuDyeHRuDye6MGFiP6euDyRtz:34T53VGLv8HGuDyeHRuDye6MGFiP6euy
                                                                                                MD5:24567B9212F806F6E3E27CDEB07728C0
                                                                                                SHA1:371AE77042FFF52327BF4B929495D5603404107D
                                                                                                SHA-256:82F352AD3C9B3E58ECD3207EDC38D5F01B14D968DA908406BD60FD93230B69F6
                                                                                                SHA-512:5D5E65FCD9061DADC760C9B3124547F2BABEB49FD56A2FD2FE2AD2211A1CB15436DB24308A0B5A87DA24EC6AB2A9B0C5242D828BE85BD1B2683F9468CE310904
                                                                                                Malicious:false
                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<software_identification_tag xmlns="http://standards.iso.org/iso/19770/-2/2009/schema.xsd">...<entitlement_required_indicator>true</entitlement_required_indicator>...<product_title>Windows 10 Pro</product_title>...<product_version>....<name>10.0.19041.1865</name>....<numeric>.....<major>10</major>.....<minor>0</minor>.....<build>19041</build>.....<review>1865</review>....</numeric>...</product_version>...<software_creator>....<name>Microsoft Corporation</name>....<regid>regid.1991-06.com.microsoft</regid>...</software_creator>...<software_licensor>....<name>Microsoft Corporation</name>....<regid>regid.1991-06.com.microsoft</regid>...</software_licensor>...<software_id>....<unique_id>Windows-10-Pro</unique_id>....<tag_creator_regid>regid.1991-06.com.microsoft</tag_creator_regid>...</software_id>...<tag_creator>....<name>Microsoft Corporation</name>....<regid>regid.1991-06.com.microsoft</regid>...</tag_creator>..</software_identification_tag>..

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):300
                                                                                                Entropy (8bit):5.300899995179551
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:934q2PcNwi2nKuAl9OmbnIFUt8MdJZmw+MIXDkwOcNwi2nKuAl9OmbjLJ:x4vLZHAahFUt8sJ/+ND54ZHAaSJ
                                                                                                MD5:2D346CE784EE85C25CB60E7405088A4B
                                                                                                SHA1:682F2C0D0D064AA6CEB9F81CF8E0A958D21B3515
                                                                                                SHA-256:0B79271130A74EEF8D70DE0E8FAD7846F47231AD2A3A892501D0D9BDB7654132
                                                                                                SHA-512:1A996C361C9EAE65A256DC40D2CF2A88F95F9874E390C682365E99F548BD25CA14F578F70D0D634EF922E4624FE87CBFA59C3B1B5B3C551103BAFB2B97779AE4
                                                                                                Malicious:false
                                                                                                Preview:2024/10/29-11:51:47.685 1d64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/29-11:51:47.687 1d64 Recovering log #3.2024/10/29-11:51:47.688 1d64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):300
                                                                                                Entropy (8bit):5.300899995179551
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:934q2PcNwi2nKuAl9OmbnIFUt8MdJZmw+MIXDkwOcNwi2nKuAl9OmbjLJ:x4vLZHAahFUt8sJ/+ND54ZHAaSJ
                                                                                                MD5:2D346CE784EE85C25CB60E7405088A4B
                                                                                                SHA1:682F2C0D0D064AA6CEB9F81CF8E0A958D21B3515
                                                                                                SHA-256:0B79271130A74EEF8D70DE0E8FAD7846F47231AD2A3A892501D0D9BDB7654132
                                                                                                SHA-512:1A996C361C9EAE65A256DC40D2CF2A88F95F9874E390C682365E99F548BD25CA14F578F70D0D634EF922E4624FE87CBFA59C3B1B5B3C551103BAFB2B97779AE4
                                                                                                Malicious:false
                                                                                                Preview:2024/10/29-11:51:47.685 1d64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/29-11:51:47.687 1d64 Recovering log #3.2024/10/29-11:51:47.688 1d64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):344
                                                                                                Entropy (8bit):5.224973720904553
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:9cj34q2PcNwi2nKuAl9Ombzo2jMGIFUt8MSdNJZmw+MuLDkwOcNwi2nKuAl9OmbX:2L4vLZHAa8uFUt8/XJ/+lLD54ZHAa8RJ
                                                                                                MD5:34CD6D982F94C475CABCE7A314796C88
                                                                                                SHA1:0C774D439FE0CDDA394346758F9836E47950751E
                                                                                                SHA-256:64FF953E94882F2EF0C7CA0CC02367FFEBA3DFB5F82605766CE68CC3808456AE
                                                                                                SHA-512:13A68A15EA6BE76D374EE7A85EA90D706CECE18E9D5E72486FA1C79E6BE46735503AE5D3816BFD6314089AAEFED1C5FEF5ABBBFD0703F5BCAF2C2233E7DC06CE
                                                                                                Malicious:false
                                                                                                Preview:2024/10/29-11:51:47.960 1e64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/29-11:51:47.964 1e64 Recovering log #3.2024/10/29-11:51:47.966 1e64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):344
                                                                                                Entropy (8bit):5.224973720904553
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:9cj34q2PcNwi2nKuAl9Ombzo2jMGIFUt8MSdNJZmw+MuLDkwOcNwi2nKuAl9OmbX:2L4vLZHAa8uFUt8/XJ/+lLD54ZHAa8RJ
                                                                                                MD5:34CD6D982F94C475CABCE7A314796C88
                                                                                                SHA1:0C774D439FE0CDDA394346758F9836E47950751E
                                                                                                SHA-256:64FF953E94882F2EF0C7CA0CC02367FFEBA3DFB5F82605766CE68CC3808456AE
                                                                                                SHA-512:13A68A15EA6BE76D374EE7A85EA90D706CECE18E9D5E72486FA1C79E6BE46735503AE5D3816BFD6314089AAEFED1C5FEF5ABBBFD0703F5BCAF2C2233E7DC06CE
                                                                                                Malicious:false
                                                                                                Preview:2024/10/29-11:51:47.960 1e64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/29-11:51:47.964 1e64 Recovering log #3.2024/10/29-11:51:47.966 1e64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\278627ed-fc24-4e0b-bb23-271ee4eddacd.tmp

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):475
                                                                                                Entropy (8bit):4.96930632548093
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4TX:Y2sRdsRdMHSOL3QYhbSpDa7n7
                                                                                                MD5:FBDCC2772AA26D64959F72A60AEED4DF
                                                                                                SHA1:65DC55AD8E6AF60BDBDD0E6F3BCA306D1B4706A3
                                                                                                SHA-256:6C648B6773C99F25E60A691E688BE640F52738A14D94F8FADC01AE9E9EF81C05
                                                                                                SHA-512:036D6EC84050006D1B725801BC5A70C4DAB1CFBFA5DC114D33BF66DA4BA362C4AD22E5DF5742BB5319A01434B5451162030B50828D20A72BB418824F5555D9E1
                                                                                                Malicious:false
                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\57d15819-7592-4652-9025-a1ea97ba9cb4.tmp

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):203
                                                                                                Entropy (8bit):5.296865367545073
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YAQNsNXuObqJx8wXwlmUUAnIMp5YLL22SQ:YyZuObO+UAnI2ZQ
                                                                                                MD5:5C0AD1163C8B5F248F489608EA186A4C
                                                                                                SHA1:9A8B385C0E455A8DB7E7BFDC5A728B5AA2B0BF69
                                                                                                SHA-256:0CD65CA30DF86DCC5DB2C355573B4169F54D04B76AB0DA4961A86C05FA2BBF45
                                                                                                SHA-512:80FB8B036C79AD78465EC6B7F56FD430732B1088BA173906E094D94510E64E6044D469911ED3FDC6B316984CB7DD3E543DB3996E669F0C292773622241BE4001
                                                                                                Malicious:false
                                                                                                Preview:{"expect_ct":[],"sts":[{"expiry":1745769117.161779,"host":"fm9KDTkCEEOhjQ0Uz3wemEDKt2V49zM91BbUE6ob8vg=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1730217117.161786}],"version":2}

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):475
                                                                                                Entropy (8bit):4.96930632548093
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4TX:Y2sRdsRdMHSOL3QYhbSpDa7n7
                                                                                                MD5:FBDCC2772AA26D64959F72A60AEED4DF
                                                                                                SHA1:65DC55AD8E6AF60BDBDD0E6F3BCA306D1B4706A3
                                                                                                SHA-256:6C648B6773C99F25E60A691E688BE640F52738A14D94F8FADC01AE9E9EF81C05
                                                                                                SHA-512:036D6EC84050006D1B725801BC5A70C4DAB1CFBFA5DC114D33BF66DA4BA362C4AD22E5DF5742BB5319A01434B5451162030B50828D20A72BB418824F5555D9E1
                                                                                                Malicious:false
                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF42a2d6.TMP (copy)

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):475
                                                                                                Entropy (8bit):4.96930632548093
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4TX:Y2sRdsRdMHSOL3QYhbSpDa7n7
                                                                                                MD5:FBDCC2772AA26D64959F72A60AEED4DF
                                                                                                SHA1:65DC55AD8E6AF60BDBDD0E6F3BCA306D1B4706A3
                                                                                                SHA-256:6C648B6773C99F25E60A691E688BE640F52738A14D94F8FADC01AE9E9EF81C05
                                                                                                SHA-512:036D6EC84050006D1B725801BC5A70C4DAB1CFBFA5DC114D33BF66DA4BA362C4AD22E5DF5742BB5319A01434B5451162030B50828D20A72BB418824F5555D9E1
                                                                                                Malicious:false
                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\TransportSecurity (copy)

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):203
                                                                                                Entropy (8bit):5.296865367545073
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YAQNsNXuObqJx8wXwlmUUAnIMp5YLL22SQ:YyZuObO+UAnI2ZQ
                                                                                                MD5:5C0AD1163C8B5F248F489608EA186A4C
                                                                                                SHA1:9A8B385C0E455A8DB7E7BFDC5A728B5AA2B0BF69
                                                                                                SHA-256:0CD65CA30DF86DCC5DB2C355573B4169F54D04B76AB0DA4961A86C05FA2BBF45
                                                                                                SHA-512:80FB8B036C79AD78465EC6B7F56FD430732B1088BA173906E094D94510E64E6044D469911ED3FDC6B316984CB7DD3E543DB3996E669F0C292773622241BE4001
                                                                                                Malicious:false
                                                                                                Preview:{"expect_ct":[],"sts":[{"expiry":1745769117.161779,"host":"fm9KDTkCEEOhjQ0Uz3wemEDKt2V49zM91BbUE6ob8vg=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1730217117.161786}],"version":2}

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f7949625-9da5-4523-ab9b-73e297971f3f.tmp

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:JSON data
                                                                                                Category:modified
                                                                                                Size (bytes):475
                                                                                                Entropy (8bit):4.964484232732606
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:YH/um3RA8sqFkEsBdOg2HyuAAcaq3QYiubSpDyP7E4TX:Y2sRdsVpdMHyuAr3QYhbSpDa7n7
                                                                                                MD5:300E036CDD7C7D5A718486ED7152B28A
                                                                                                SHA1:FAD56D01E683001F5009FFB3B95C007944CA65BB
                                                                                                SHA-256:B29D6C1C01B629438637DD8A4382B697C9D670FF0078EF229A1514F7E4D13A33
                                                                                                SHA-512:629777359EFD1398F58FD368056ED2306C76BDD09A06EBB4E38A11BC2105BCD821ADBEE692AC6B29233DB69AFAB0AFE98158E54F35DBAA10EABFC5EB9CC635C0
                                                                                                Malicious:false
                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374777119293003","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":429271},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):4099
                                                                                                Entropy (8bit):5.231896908655786
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPTZzzfV:CwNw1GHqPySfkcigoO3h28ytPTZzz9
                                                                                                MD5:3AB898DEE023A3A092AA739DEAF15580
                                                                                                SHA1:A383EA6BE572445632431697F6AD053E7EBF1903
                                                                                                SHA-256:75864FF90C42F45A3F0C455691FF28397ABDCB68112C3ACAE07382903DE14AC2
                                                                                                SHA-512:294D4C896645830CD542216E3B8DADE11D2240611846CE1B7050583DB5E6CD587259EF4FED6B575699AE0B0722FD11A82A3F309825B0C84BAB095BEFF68AE5C8
                                                                                                Malicious:false
                                                                                                Preview:*...#................version.1..namespace-.aw.o................next-map-id.1.Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.0I.$.r................next-map-id.2.Snamespace-9a9aa6d6_c307_4dda_b6c0_dc91084c8e68-https://rna-v2-resource.acrobat.com/.1!...r................next-map-id.3.Snamespace-1fbd9dc5_70a3_4975_91b4_966e0915c27a-https://rna-v2-resource.acrobat.com/.2..N.o................next-map-id.4.Pnamespace-0e0aed8d_6d6f_4be0_b28f_8e02158bc792-https://rna-resource.acrobat.com/.3*.z.o................next-map-id.5.Pnamespace-52652c26_09c2_43f2_adf7_da56a1f00d32-https://rna-resource.acrobat.com/.4.{.^...............Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.C..r................next-map-id.6.Snamespace-3a89c6b0_72b9_411a_9e44_fa247f34ac91-https://rna-v2-resource.acrobat.com/.5.q._r................next-map-id.7.Snamespace-02b23955_9103_42e0_ba64_3f8683969652-https://rna-v2-resource.acrobat.com/.6..d.o..............

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):332
                                                                                                Entropy (8bit):5.236593403904326
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:9WN4q2PcNwi2nKuAl9OmbzNMxIFUt8MiAH3JZmw+My/DkwOcNwi2nKuAl9OmbzNq:cN4vLZHAa8jFUt8OXJ/+R/D54ZHAa84J
                                                                                                MD5:A25DAE37316A94DC0B9A77ACB792F222
                                                                                                SHA1:B7D328D0AC2F1084F3255D99793E301339898F9B
                                                                                                SHA-256:ADF6C58337A103A51B3BF4E4A233DE07C1D7AF39107E91AA56D0C54F209BC1D5
                                                                                                SHA-512:43A0C72740BC3686E3726C9F1A678AFE18314F2D08564B5A3D935E8114030392F6822477AB63B0F32EFF418B23DD990A252C39C8EAB22C897B3671FD96AD9F3E
                                                                                                Malicious:false
                                                                                                Preview:2024/10/29-11:51:48.558 1e64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/29-11:51:48.560 1e64 Recovering log #3.2024/10/29-11:51:48.569 1e64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):332
                                                                                                Entropy (8bit):5.236593403904326
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:9WN4q2PcNwi2nKuAl9OmbzNMxIFUt8MiAH3JZmw+My/DkwOcNwi2nKuAl9OmbzNq:cN4vLZHAa8jFUt8OXJ/+R/D54ZHAa84J
                                                                                                MD5:A25DAE37316A94DC0B9A77ACB792F222
                                                                                                SHA1:B7D328D0AC2F1084F3255D99793E301339898F9B
                                                                                                SHA-256:ADF6C58337A103A51B3BF4E4A233DE07C1D7AF39107E91AA56D0C54F209BC1D5
                                                                                                SHA-512:43A0C72740BC3686E3726C9F1A678AFE18314F2D08564B5A3D935E8114030392F6822477AB63B0F32EFF418B23DD990A252C39C8EAB22C897B3671FD96AD9F3E
                                                                                                Malicious:false
                                                                                                Preview:2024/10/29-11:51:48.558 1e64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/29-11:51:48.560 1e64 Recovering log #3.2024/10/29-11:51:48.569 1e64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                                                                Category:dropped
                                                                                                Size (bytes):86016
                                                                                                Entropy (8bit):4.438966651290209
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:yeaci5GyiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:1iurVgazUpUTTGt
                                                                                                MD5:4BC8C3074C30852DEEB7A5540EBE11FC
                                                                                                SHA1:70C785179957F7AED072AED275AC078DAE516BCC
                                                                                                SHA-256:3BD6F99BF639F13C158F5EE3F347381560F823FE2835A9239591CFBA67A215FE
                                                                                                SHA-512:53A99087ECF20F035DC3A240DB4AFA2154BF929ED20333F4360945DDEE90CB972A02FEC271C6DE682C70412B1C262E0AE31D083CD26AB5A0627A7C8294618FD6
                                                                                                Malicious:false
                                                                                                Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:SQLite Rollback Journal
                                                                                                Category:dropped
                                                                                                Size (bytes):8720
                                                                                                Entropy (8bit):3.77753626794009
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:7M3p/E2ioyVqHioy3DoWoy1CABoy1vkKOioy1noy1AYoy1Wioy1hioybioyFIoy1:7QpjuI0iAcXKQzJb9IVXEBodRBkD
                                                                                                MD5:729755A543584C57CD66E20E19D18D35
                                                                                                SHA1:39EE9BFCEEC0B1D209B7E41DBB11D9D158D5D2A7
                                                                                                SHA-256:A53C7A1736A7D45B70C94028E758FE681926F7ACCD9F5B771F34AD7136B02860
                                                                                                SHA-512:FEFA9EBCF3CA9B9D64C83B36B416270B485437ECA5DD23AF1BEEC14A3F1CD78637E4B07FA1DF2D66DBFD550A910227F9F0D77F8FA1BBBA1CF51733FF0BA7CF4F
                                                                                                Malicious:false
                                                                                                Preview:.... .c......9.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:Certificate, Version=3
                                                                                                Category:dropped
                                                                                                Size (bytes):1391
                                                                                                Entropy (8bit):7.705940075877404
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                                                MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                                                SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                                                SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                                                SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                                                Malicious:false
                                                                                                Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                                                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                Category:dropped
                                                                                                Size (bytes):71954
                                                                                                Entropy (8bit):7.996617769952133
                                                                                                Encrypted:true
                                                                                                SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                Malicious:false
                                                                                                Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):192
                                                                                                Entropy (8bit):2.7895108629891827
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:kkFklC6FlMlXfllXlE/HT8k9+z1NNX8RolJuRdxLlGB9lQRYwpDdt:kKbulMlIT80+z7NMa8RdWBwRd
                                                                                                MD5:A92E0F025A1B1F24777E09DE85EC7735
                                                                                                SHA1:405B93E9A07D735A31DB75157E0F7995CFC8F8AC
                                                                                                SHA-256:90994E35CF808C8CDEFC6EF64BF77CFA1D1BDC206A97AABB0CED21FBE9A127B9
                                                                                                SHA-512:DD61963DD5578140CB9E881DF77F7C3393A5A45F76F5623D964447FF531FF1731FC96CABB87F972C642339C8B3075DB4CAE4A193FC6F2C0405162DAF20058C91
                                                                                                Malicious:false
                                                                                                Preview:p...... ........._.{.*..(....................................................... ..........W....X@..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                                                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:data
                                                                                                Category:modified
                                                                                                Size (bytes):328
                                                                                                Entropy (8bit):3.150184159866505
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:kKbn99UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:TnkDnLNkPlE99SNxAhUe/3
                                                                                                MD5:F348ED174F9B692FC975BBEDE67888CC
                                                                                                SHA1:B6CE2336973D7286C609D81A7C3CADA388434B9F
                                                                                                SHA-256:31E9714ADBA52C1EF708A27A778C99AC0A8AAAEFAE3E5B062E12A6AE72C7A649
                                                                                                SHA-512:DE3272998345AA927AD259C0B0D2DABFE1D4CF3C89E252CC96805D5C4AEBB8D4AE14BFBCDCA8F40FDB46DF07AC2891AA1B77384B9AAF3E8B46E059402FF950FC
                                                                                                Malicious:false
                                                                                                Preview:p...... ........5....*..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):4
                                                                                                Entropy (8bit):0.8112781244591328
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:e:e
                                                                                                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                                Malicious:false
                                                                                                Preview:....

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):2145
                                                                                                Entropy (8bit):5.080886708542914
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:Y38YvXvwvfb7ACHaECU6akn2ZqijwiIE0O:ufif4oh612ZdXrz
                                                                                                MD5:BF56EA3311E537D07F5F6FEA9CAE4460
                                                                                                SHA1:D7F799E8E657D02A0C5199FD4ABCAEEA149BFDCA
                                                                                                SHA-256:E324C92627E85634AE9DE4B854794E315D857EB70010B32EE11F84AED5DF8E2B
                                                                                                SHA-512:5DB4540D641EC8C8DC5B1806041B7D01BCC3FD58DD7AF940B82C9A121B4C7EE2E37E98EE0DAF768F6036F97B320D0432D405A4518187B2C0FF01F17721B9C874
                                                                                                Malicious:false
                                                                                                Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1730217110000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"600435bc6c3bfd6739f3c39b93bb45a3","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696492435000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"5c23293c742ed52b97ce6913651e2bac","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696492429000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"1281d7dbf4238170aa87c435aca63c66","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696492423000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"824a4ec59c469b030f3b98175cf76e67","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696491691000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"9e3dce9d3ce52b8c98d60243d5cf7aa0","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696491691000},{"id":"DC_Reader_Edit_LHP_Banner"

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                                                                Category:dropped
                                                                                                Size (bytes):12288
                                                                                                Entropy (8bit):1.4533452028845728
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsielQ4:lNVmsw3SHtbDbPe0K3+fDZdk
                                                                                                MD5:BA679B68225FB0EBCE25E55D66A7AB22
                                                                                                SHA1:22C8F8F1F8F9D66CC07AF6BFCB1399984F5E86C2
                                                                                                SHA-256:21A57613FDAC00AABD0ECB2E50B91DD3C1F97A51B3D41C86B8EE3B34C95B3499
                                                                                                SHA-512:8631B64011DA6DA9717460E34DEBBDBF82A5FBF6641965543EE80752CB5043BF9F2E446CE0417AB1AE0BFD11C9F6A660A1283C9D470779067053E5C58CCFE928
                                                                                                Malicious:false
                                                                                                Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:SQLite Rollback Journal
                                                                                                Category:dropped
                                                                                                Size (bytes):8720
                                                                                                Entropy (8bit):1.9559313208404003
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:7M1rvrBd6dHtbGIbPe0K3+fDy2dsiPxqFl2GL7msw:7E3SHtbDbPe0K3+fDZddKVmsw
                                                                                                MD5:C106B1E0E0A68E5ABD24CFDB01714F96
                                                                                                SHA1:A39ADDF6CB2D45A75B5DE66C0DD1BD8AA9852760
                                                                                                SHA-256:39A8DDA22BD6929D744D94AC5F85A8A578308D7A7346751AF14A63BF037FAF2F
                                                                                                SHA-512:FA55D5EFD81B945D5A246BEFEC42BD271A536D8194B62EFC50687B66C8AC25C59B93754228861D7091D4C0BC7B9BD62224924D4EC93CEA933914E4148449F237
                                                                                                Malicious:false
                                                                                                Preview:.... .c......E9.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-29 11-51-49-757.log

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:ASCII text, with very long lines (393)
                                                                                                Category:dropped
                                                                                                Size (bytes):16525
                                                                                                Entropy (8bit):5.386483451061953
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID
                                                                                                MD5:F49CA270724D610D1589E217EA78D6D1
                                                                                                SHA1:22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3
                                                                                                SHA-256:D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D
                                                                                                SHA-512:181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29
                                                                                                Malicious:false
                                                                                                Preview:SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:808+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):15114
                                                                                                Entropy (8bit):5.324884864199771
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:kLf6vv+c4aCC39j0mUZUs3ssFOVmoF9g6Z7PtFVvyzjJ3Gkj2RZ/YPYJMKWr6DzV:Nhx
                                                                                                MD5:510E75017793510CEEA133B7E86B4A09
                                                                                                SHA1:B833CD722F81A93A6CAAF5C6E61100176614A93C
                                                                                                SHA-256:C05D65983CAEADBC942AFFF418B90C34B12FC48451103612A577043E9CE81860
                                                                                                SHA-512:4732A8E4DC9B90BA07AC5F9E84442C6F9D318DFA9624DAFDD01B673DC0AD34F673C52B5300EA8AF63D8EBC79711C42F3686889BD92B538FE6F9DDC041BF14C38
                                                                                                Malicious:false
                                                                                                Preview:SessionID=b73298e7-30ad-4286-93a7-ab9b932e8b0e.1730217109790 Timestamp=2024-10-29T11:51:49:790-0400 ThreadID=7464 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=b73298e7-30ad-4286-93a7-ab9b932e8b0e.1730217109790 Timestamp=2024-10-29T11:51:49:791-0400 ThreadID=7464 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=b73298e7-30ad-4286-93a7-ab9b932e8b0e.1730217109790 Timestamp=2024-10-29T11:51:49:791-0400 ThreadID=7464 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=b73298e7-30ad-4286-93a7-ab9b932e8b0e.1730217109790 Timestamp=2024-10-29T11:51:49:791-0400 ThreadID=7464 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=b73298e7-30ad-4286-93a7-ab9b932e8b0e.1730217109790 Timestamp=2024-10-29T11:51:49:791-0400 ThreadID=7464 Component=ngl-lib_NglAppLib Description="SetConf

                                                                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):35721
                                                                                                Entropy (8bit):5.414185011912146
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gR+5:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRk
                                                                                                MD5:536F6CCAE3A322AE6AA1D57E05866DB1
                                                                                                SHA1:6BE0643B518C7073968F098D86F19F92FB3071CE
                                                                                                SHA-256:80D497DE535C164ABC1F6693E4132C2048ABBA79BAD0ED3B39AEC3E0BE54A486
                                                                                                SHA-512:1F192EBDE79B601568A87F27B367D4B2CACBF5F61B6C44415ADDAEBCA4DE34701CEBEDF93529DDAB46CD2A39D38A5F8C0C358DC62838F4A2F8686EADC6633943
                                                                                                Malicious:false
                                                                                                Preview:05-10-2023 08:41:17:.---2---..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:41:17:.Closing File..05-10-

                                                                                                C:\Users\user\AppData\Local\Temp\acrocef_low\49bf621b-c5e0-4a54-8bd5-5c2d5aeba465.tmp

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                                                                Category:dropped
                                                                                                Size (bytes):1407294
                                                                                                Entropy (8bit):7.97605879016224
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                                                                                MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                                                                                SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                                                                                SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                                                                                SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                                                                                Malicious:false
                                                                                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                C:\Users\user\AppData\Local\Temp\acrocef_low\4e9412d0-5eb2-4ee7-b136-1df5f3aa75c7.tmp

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                                                Category:dropped
                                                                                                Size (bytes):1419751
                                                                                                Entropy (8bit):7.976496077007677
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru
                                                                                                MD5:CA6B0D9F8DDC295DACE8157B69CA7CF6
                                                                                                SHA1:6299B4A49AB28786E7BF75E1481D8011E6022AF4
                                                                                                SHA-256:A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7
                                                                                                SHA-512:9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34
                                                                                                Malicious:false
                                                                                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                C:\Users\user\AppData\Local\Temp\acrocef_low\b6bcbe39-8da8-4ef5-8b86-bf9488d7b993.tmp

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                                                Category:dropped
                                                                                                Size (bytes):758601
                                                                                                Entropy (8bit):7.98639316555857
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                                                MD5:3A49135134665364308390AC398006F1
                                                                                                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                                                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                                                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                                                Malicious:false
                                                                                                Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                                                                C:\Users\user\AppData\Local\Temp\acrocef_low\be033063-4763-4196-9c5a-1e2174b195ec.tmp

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                                                Category:dropped
                                                                                                Size (bytes):386528
                                                                                                Entropy (8bit):7.9736851559892425
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                                                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                                                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                                                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                                                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                                                Malicious:false
                                                                                                Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                                                                                C:\Users\user\AppData\Local\Temp\file.pdf

                                                                                                Download File
                                                                                                Process:C:\Users\user\Desktop\J4zGPhVRV3.exe
                                                                                                File Type:PDF document, version 1.7, 1 pages
                                                                                                Category:dropped
                                                                                                Size (bytes):108190
                                                                                                Entropy (8bit):7.905258999017268
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:sr9GFXska83hLFSpS819rColq1zDLBcp7nt+F6hjKMHiRnJUkqpJFesRRsyRa9uF:qwFXPa83ef+olkrBAtZtCNqpq4syR2uF
                                                                                                MD5:DCFCC74B4BBB9269D597588002B04605
                                                                                                SHA1:2E48F41DB1098C1F392255091C3462FB663984D2
                                                                                                SHA-256:98A9020D81E818B5391A99CC8419006B83B2A8610A63F74A7AD97610C861F63C
                                                                                                SHA-512:CDDC9CDFAC718A8B5E20B67E682F36E02FE7524F23991FFADBE5F969E3284DE68F86E9A6C657FCE3F6166FB156BD7E339661E6133FB6CC3DFE57ADCCAD0E5FE9
                                                                                                Malicious:false
                                                                                                Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 19 0 R/MarkInfo<</Marked true>>/Metadata 75 0 R/ViewerPreferences 76 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 14 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image16 16 0 R/Image17 17 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 987>>..stream..x..X.O.0.~....{+.....lO(R.P.4$6...x.t<P......v.6)i.I.DS;.....|v.._.....%9>........\...x..y._L......i._....S.g..K...hH~w;.2.g..F.}j......,......@,..w;.l...9e\.-..d..LN/5..q..<.L6:.v.{..L.t;'..n...`H.*....b(.(......|...QoZ.q..&........{8T(...=...Q0.".....$B...Xq,6..j^..:..8P..PU. .9.H&..=......v...T.....j...[......./......g#.....f......K...de.b.*..v.#h.....B.B..!.A.%E..Hd.^.F....-}j.

                                                                                                C:\Users\user\AppData\Local\Temp\winrar.msi

                                                                                                Download File
                                                                                                Process:C:\Users\user\Desktop\J4zGPhVRV3.exe
                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: RMS - Host 7.5, Comments: This installer contains the logic and data to install RMS - Host 7.5, Keywords: Installer,MSI,Database, Subject: RMS - Host 7.5, Author: TektonIT, Ter-Osipov A.V., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2021 - Premier Edition with Virtualization Pack 27, Last Saved Time/Date: Fri Sep 20 18:23:47 2024, Create Time/Date: Fri Sep 20 18:23:47 2024, Last Printed: Fri Sep 20 18:23:47 2024, Revision Number: {C457692F-C69F-4EF4-B4C9-3DF451F76F30}, Code page: 1251, Template: Intel;1049
                                                                                                Category:dropped
                                                                                                Size (bytes):27048960
                                                                                                Entropy (8bit):7.926083719323171
                                                                                                Encrypted:false
                                                                                                SSDEEP:393216:0n/UUnsM1J1mFLE15NXZrtu96+cO55sXDqcovKYw9ZSkPfmYJEe78zvNhE:KekLewZFkcO5iDiv5gfmYz
                                                                                                MD5:B4416A1D58BAF007E59F572B5ED0A5A4
                                                                                                SHA1:48F9B1E7E8FA3CD821911AF283A28E0DA7BBF91F
                                                                                                SHA-256:A45A4D586568C3762C7490ACA8EBBD61B226BCF261BE6C6C814796C47234B851
                                                                                                SHA-512:20FD414CEECFF597BD903AC38F5FC93FB3107895D4F20B7403BD5F27FF2FFF7FF8413C86EC460D34256420F8C1E8E4D3FE7FCF4651D19ED57655434B0E11C78B
                                                                                                Malicious:false
                                                                                                Preview:......................>...................................8........6..................}........................................................................................................................................................................................................................................................ ... ...!...!..."..."...#...#...$...$...%...%...&...&...'...'...(...(...)...)...*...*...+...+...,...,...-...-.........../.../...0...0...1...1...2...2...3...3...4...4...5...5..........<................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...A...M...:...;...=...........?...@...T...B...C...D...E...F...G...H...I...J...O...L...N...o.......P...Q...R...U.......&...V...Z...X...Y...#...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                                                C:\Windows\Installer\41737e.msi

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: RMS - Host 7.5, Comments: This installer contains the logic and data to install RMS - Host 7.5, Keywords: Installer,MSI,Database, Subject: RMS - Host 7.5, Author: TektonIT, Ter-Osipov A.V., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2021 - Premier Edition with Virtualization Pack 27, Last Saved Time/Date: Fri Sep 20 18:23:47 2024, Create Time/Date: Fri Sep 20 18:23:47 2024, Last Printed: Fri Sep 20 18:23:47 2024, Revision Number: {C457692F-C69F-4EF4-B4C9-3DF451F76F30}, Code page: 1251, Template: Intel;1049
                                                                                                Category:dropped
                                                                                                Size (bytes):27048960
                                                                                                Entropy (8bit):7.926083719323171
                                                                                                Encrypted:false
                                                                                                SSDEEP:393216:0n/UUnsM1J1mFLE15NXZrtu96+cO55sXDqcovKYw9ZSkPfmYJEe78zvNhE:KekLewZFkcO5iDiv5gfmYz
                                                                                                MD5:B4416A1D58BAF007E59F572B5ED0A5A4
                                                                                                SHA1:48F9B1E7E8FA3CD821911AF283A28E0DA7BBF91F
                                                                                                SHA-256:A45A4D586568C3762C7490ACA8EBBD61B226BCF261BE6C6C814796C47234B851
                                                                                                SHA-512:20FD414CEECFF597BD903AC38F5FC93FB3107895D4F20B7403BD5F27FF2FFF7FF8413C86EC460D34256420F8C1E8E4D3FE7FCF4651D19ED57655434B0E11C78B
                                                                                                Malicious:false
                                                                                                Preview:......................>...................................8........6..................}........................................................................................................................................................................................................................................................ ... ...!...!..."..."...#...#...$...$...%...%...&...&...'...'...(...(...)...)...*...*...+...+...,...,...-...-.........../.../...0...0...1...1...2...2...3...3...4...4...5...5..........<................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...A...M...:...;...=...........?...@...T...B...C...D...E...F...G...H...I...J...O...L...N...o.......P...Q...R...U.......&...V...Z...X...Y...#...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                                                C:\Windows\Installer\417381.msi

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: RMS - Host 7.5, Comments: This installer contains the logic and data to install RMS - Host 7.5, Keywords: Installer,MSI,Database, Subject: RMS - Host 7.5, Author: TektonIT, Ter-Osipov A.V., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2021 - Premier Edition with Virtualization Pack 27, Last Saved Time/Date: Fri Sep 20 18:23:47 2024, Create Time/Date: Fri Sep 20 18:23:47 2024, Last Printed: Fri Sep 20 18:23:47 2024, Revision Number: {C457692F-C69F-4EF4-B4C9-3DF451F76F30}, Code page: 1251, Template: Intel;1049
                                                                                                Category:dropped
                                                                                                Size (bytes):27048960
                                                                                                Entropy (8bit):7.926083719323171
                                                                                                Encrypted:false
                                                                                                SSDEEP:393216:0n/UUnsM1J1mFLE15NXZrtu96+cO55sXDqcovKYw9ZSkPfmYJEe78zvNhE:KekLewZFkcO5iDiv5gfmYz
                                                                                                MD5:B4416A1D58BAF007E59F572B5ED0A5A4
                                                                                                SHA1:48F9B1E7E8FA3CD821911AF283A28E0DA7BBF91F
                                                                                                SHA-256:A45A4D586568C3762C7490ACA8EBBD61B226BCF261BE6C6C814796C47234B851
                                                                                                SHA-512:20FD414CEECFF597BD903AC38F5FC93FB3107895D4F20B7403BD5F27FF2FFF7FF8413C86EC460D34256420F8C1E8E4D3FE7FCF4651D19ED57655434B0E11C78B
                                                                                                Malicious:false
                                                                                                Preview:......................>...................................8........6..................}........................................................................................................................................................................................................................................................ ... ...!...!..."..."...#...#...$...$...%...%...&...&...'...'...(...(...)...)...*...*...+...+...,...,...-...-.........../.../...0...0...1...1...2...2...3...3...4...4...5...5..........<................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...A...M...:...;...=...........?...@...T...B...C...D...E...F...G...H...I...J...O...L...N...o.......P...Q...R...U.......&...V...Z...X...Y...#...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                                                C:\Windows\Installer\MSI7E5B.tmp

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):169896
                                                                                                Entropy (8bit):6.068969720857241
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:jqSoP/44Yvge5XKhpKJJdu+ew+BZPHbN2e9n2p+:j5g/ve5XKhMVJSIun6+
                                                                                                MD5:B5ADF92090930E725510E2AAFE97434F
                                                                                                SHA1:EB9AFF632E16FCB0459554979D3562DCF5652E21
                                                                                                SHA-256:1F6F0D9F136BC170CFBC48A1015113947087AC27AED1E3E91673FFC91B9F390B
                                                                                                SHA-512:1076165011E20C2686FB6F84A47C31DA939FA445D9334BE44BDAA515C9269499BD70F83EB5FCFA6F34CF7A707A828FF1B192EC21245EE61817F06A66E74FF509
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._`,"..Bq..Bq..Bq..q..Bq<.q..Bq..q..Bq..q/.Bq..qh.Bq.y.q..Bq.y.q..Bq..Cq..Bq..q..Bq..q..Bq..q..Bq...q..Bq..q..BqRich..Bq........PE..L.....,a...........!.....p...$......................................................U..................................m............`..p............x.......p..........................................@............................................text....o.......p.................. ..`.rdata..M............t..............@..@.data....1... ......................@....rsrc...p....`.......$..............@..@.reloc...L...p...N...*..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Installer\MSI8830.tmp

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):1445004
                                                                                                Entropy (8bit):4.928688695241539
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:NMMMMMMSLLLLLLL2MMMMMMSLLLLLLLucMMMMMMSLLLLLLLyW:NMMMMMMSLLLLLLL2MMMMMMSLLLLLLLu/
                                                                                                MD5:59869CA2C982AB98E24ED932FCDEB392
                                                                                                SHA1:03D8E0A485672A7B6D07DAA1C0BEAF27D09AE8C6
                                                                                                SHA-256:6887964A628664DFAA03C6F5EAC43A3B3C15154B2EBF71CD560AC01900319D86
                                                                                                SHA-512:E36F755C172CD464FFBFFC5AC94A126FF9CF4F769C5B19D969DA4B84B9B6022929EDBE6D11A2BF8C351EAE34842D370DADCC6508EDBDAFB8E64AE1020B6DA333
                                                                                                Malicious:false
                                                                                                Preview:...@IXOS.@.....@z^]Y.@.....@.....@.....@.....@.....@......&.{827D98D4-CA0D-43D0-8133-225659FBBC61} .Remote Manipulator System - Host..winrar.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{C457692F-C69F-4EF4-B4C9-3DF451F76F30}.....@.....@.....@.....@.......@.....@.....@.......@.... .Remote Manipulator System - Host......Rollback....B.:.0.B. .4.5.9.A.B.2.8.O.:...[1]..RollbackCleanup..#.4.0.;.5.=.8.5. .2.@.5.<.5.=.=.K.E. .D.0.9.;.>.2...$.0.9.;.:. .[.1.]....@.......@........ProcessComponents"...1.=.>.2.;.5.=.8.5. .@.5.3.8.A.B.@.0.F.8.8. .:.>.<.?.>.=.5.=.B.>.2....@.....@.....@.]....&.{74F2505E-B20A-4AED-968F-AE5B278DB38A}8.C:\Program Files (x86)\Remote Manipulator System - Host\.@.......@.....@.....@......&.{26EAB54E-4659-47E8-86F9-4CB74F7E03BE}...@.......@.....@.....@......&.{596F4636-5D51-49F5-B3B4-F3C366E9DC23}...@.......@.....@.....@...........@....&.{00000000-0000-0000-0000-000000000000}.@.....@.....@......&.{182310A2-CD9E-4171-ACD1-3AEDD260A15F}D.C:\Program Files (x86)\Remote Man

                                                                                                C:\Windows\Installer\SourceHash{827D98D4-CA0D-43D0-8133-225659FBBC61}

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):20480
                                                                                                Entropy (8bit):1.162700461853412
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:JSbX72Fj0JAGiLIlHVRpth/7777777777777777777777777vDHFa+pN03pSl0i5:JuJQI5pxiF
                                                                                                MD5:1995DB1A93EF8E0DC76768EA43A1D410
                                                                                                SHA1:1F5269085CE6F46459F8A9CEE2DDD693B548622F
                                                                                                SHA-256:536FC817A05BD1A3B7789905A6C0C4C5520F87A4674D8B7F3803880FF6E1BC8C
                                                                                                SHA-512:3598668A58520F93827C58F0FCB3B978E7A6667A688E33129FBC0C8E4DE4D1848DCA63B9793AD43B159B5E7EC6A77CEA3ABF7D5E64BD2BA8D6AAA4A9CA36DDAB
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Installer\inprogressinstallinfo.ipi

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):20480
                                                                                                Entropy (8bit):1.9702481706040955
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:YhU1DFTTkEhWOVbpUGkOzs9t4H7qKsGkOzs9FOulKW:11ZXkapIw7qK2K
                                                                                                MD5:578EDF21D8020715EE271CD36DAD54C1
                                                                                                SHA1:73615EBB3495A822512846263BFD6D7AC8654E4E
                                                                                                SHA-256:3321E5705868006AB786D009087533CC13552BEA0E81DD5F32591E6D468C0E9E
                                                                                                SHA-512:5CC39952D8B7AB56D8468027E93E96CD2086523CB235E27E42D95ED5A8B108383BF63F238E990B61EFAE3E7E988880A5FD93EEEE983B39F324C93BE0AA93327C
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\ARPPRODUCTICON.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):79000
                                                                                                Entropy (8bit):5.817114158024628
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:eMAyYdTmPJbgqcnDckJn2T1qAMxkE32T1PAMxkENF:e1U81ckJ2+xqJxX
                                                                                                MD5:CF607A6E2EFC98CC93CBA458D67409A7
                                                                                                SHA1:00A3A822BD2CEF028AC3D754384AC51572434FF6
                                                                                                SHA-256:CDA44F8CF3D3CD2C53BA0817C48BED83E2C272109A9E4E576EDDF44C1CDE3DCE
                                                                                                SHA-512:804C7C55ACDEF9563C20578CFF05EE343BEE534E1E1CF58A0DE79CD32E59A3CB32204D504F2CF2C2F3BBAE912DF487B60C4BFE71DC0C97A9385AE0FEECA80D45
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L.....-a.................@...................P....@.................................d4......................................4T..(.......t0...............d...........................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc...t0.......@..................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):70808
                                                                                                Entropy (8bit):5.607528324359863
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:WdMAyYdTmPJbgqcnDc/soJx2T1rAMxkEO2T1MAMxkEt:Q1U81cLJ01x/QxR
                                                                                                MD5:88DA800311CCD13A668D0A5EAA097C58
                                                                                                SHA1:B8027DF74E3E163708216653175C0AB9645C415C
                                                                                                SHA-256:B873767C58AA6CD8567AEB280D972BE7DD3E4CDA467D243F03A0E4EA4656EFE8
                                                                                                SHA-512:94F53676AA881A158512CD3B6300CCC98852D922E2C805A2F3D213D4509F9476237B8E05190FE312ED3E85E18CF9C9DC6D6A9ABB59BD672CC3720ADE68D0D5CC
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L.....-a.................@...`...............P....@.................................:9......................................4T..(.......\................d...........................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc...\........ ..................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_config_C8E9A92497A149D695F92E4E3AE550F0.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):423064
                                                                                                Entropy (8bit):4.689677321402016
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:h1U81cqS/ZJgAmxJtAqXy/yxREpU1WyY68iuuuu6AppppppppEMMMMMMMSLLLLLs:zjcT6uuuutMMMMMMSLLLLLLLeYuCe1
                                                                                                MD5:DC2DDE26180A704020EA5F25FA3D4109
                                                                                                SHA1:AF1DE2D1FEE35B05DCB1E7C6244374BC384B1A1E
                                                                                                SHA-256:57981B06DC17914E7D4D20F499E2EEF7D32199EEA0D2A0B6E111610BD4D82E44
                                                                                                SHA-512:2BD7A3BC8F8DDD3803DFE7F8961A0443019EA1AAC2EBEF8B37219ABF8D3A9DE8C567CD356EC6595C6B4E4BB5C3ABFC33504EDBBEB40FAC323C4C624F269E8E88
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L.....-a.................@...................P....@.................................iE......................................4T..(........u...............d...........................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc....u..........................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_start_C00864331B9D4391A8A26292A601EBE2.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):423064
                                                                                                Entropy (8bit):4.689846678978893
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:21U81cqS/ZJgAmxJtAqXy/yxREpU1WyY68iuuuu6AppppppppEMMMMMMMSLLLLLm:ijcT6uuuutMMMMMMSLLLLLLLeYuakse
                                                                                                MD5:DADE78A1FC5114E0D61D8C19C2ABE1D7
                                                                                                SHA1:247B722DC1E40B4FAE49C053B123FF676C462480
                                                                                                SHA-256:BB375A8CB025ED0ACF5E2EC3ED454EAC3B43BE0D4882D1DEC10547EB6BC6BFE8
                                                                                                SHA-512:0BE986369B9E0578F78357E7B6CBA625C96BD22B653254C95694ECF6A9130A6899171E97426477845C2A18D37814F1F39AB9870BA6B0D35F874AE1E2329DB0A7
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L.....-a.................@...................P....@.........................................................................4T..(........u...............d...........................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc....u..........................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Installer\{827D98D4-CA0D-43D0-8133-225659FBBC61}\server_stop_27D7873393984316BEA10FB36BB4D2F9.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):423064
                                                                                                Entropy (8bit):4.6899970675273615
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:+1U81cqS/ZJgAmxJtAqXy/yxREpU1WyY68iuuuu6AppppppppEMMMMMMMSLLLLL8:ajcT6uuuutMMMMMMSLLLLLLLeYuqWB
                                                                                                MD5:9A473B5B37C32DD7A4F6FEB49F77482C
                                                                                                SHA1:4FDC2A31959C3D224D1D764578F82443100FB0F2
                                                                                                SHA-256:DFCD1ADAC26965034DABC01340BD0DEA96D28B92551B94A1078C00B632A38019
                                                                                                SHA-512:F0F2EEF60958FC3617052ADF5CE881E1896A7D24C5F5CFC9049854E7AA1BBB699879BAEC807734F9EDF6C25EE26AE4317D2D8C9317AC3023BD0EF707BBB6BA39
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L.....-a.................@...................P....@..................................Z......................................4T..(........u...............d...........................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc....u..........................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):360001
                                                                                                Entropy (8bit):5.362976185422579
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauI:zTtbmkExhMJCIpEF
                                                                                                MD5:BB2CE8940B8A87DA2A94AD04C374AFAD
                                                                                                SHA1:16CD6E3F7F515C9767D9FAABC0D5A53D5BC5DA9C
                                                                                                SHA-256:34256DF7631D6C7A12F402FC01EB61E61833A5E2D6162CC6D1C823C3A9595F81
                                                                                                SHA-512:84C0BBCF7F891CA4FCFD7EC30A7CBA219D80BC585647C00E0F7F5BB954818A2FEE04E18EDA11C1250E17B445CFC7D5A73D89C3BF6046437A6FBF0EDC4EB4F6DC
                                                                                                Malicious:false
                                                                                                Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                                                                                C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):55
                                                                                                Entropy (8bit):4.306461250274409
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                Malicious:false
                                                                                                Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log

                                                                                                Download File
                                                                                                Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                Category:modified
                                                                                                Size (bytes):2464
                                                                                                Entropy (8bit):3.2455651021712324
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:QOaqdmuF3r3+Y+kWReHgHttUKlDENh+pyMySn6tUKlDENh+pyMySwwIPVxcwIPVs:FaqdF73r+AAHdKoqKFxcxkFdh
                                                                                                MD5:FF76FEB3BD89C56C8D7CC5CBA20780B4
                                                                                                SHA1:6CE08598FB9F6A708A58A1E70E3A8064B02E293A
                                                                                                SHA-256:347AB4AC628725086CE205A1C6BF6F7DC9F66328A868BE301B5BACF51A8085A1
                                                                                                SHA-512:5FC8143987AB841AD73FB53B0C6F269946FFC871BC7FE913EF2664D16A5AFE83C2A7906B9571BCAC31C516C83C658BEC3DBDC99B7EE88BE35A98431B9D31DD54
                                                                                                Malicious:false
                                                                                                Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. T.u.e. .. O.c.t. .. 2.9. .. 2.0.2.4. .1.3.:.0.2.:.0.3.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.

                                                                                                C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A62E94087F64223B9812F11186592BA

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):6327
                                                                                                Entropy (8bit):6.449679524443466
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:z88fedNBkYmUiaCE5XFO06rYCqRXUBQv/dd4EmrA:wvdJiaCE5XMrhQv/dvmc
                                                                                                MD5:7986A077EA538F991E6BCA4186A6FC5F
                                                                                                SHA1:D103255066DE3E4FD4BD64E460760803C62EE171
                                                                                                SHA-256:991D3734F3D27E7DFB63E26F0105D6E1DA42C0E68E4639F3A1E9B086692ADCE2
                                                                                                SHA-512:2A2A68877DA12173908537D058E37B9CE5875B8E5B57C3CBF652D2235189D7A1AF51B909866B88DA2462BB8E579F706151761BB865455F1BFA1164388B6F896D
                                                                                                Malicious:false
                                                                                                Preview:0...0......0...*.H........0Y1.0...U....BE1.0...U....GlobalSign nv-sa1/0-..U...&GlobalSign GCC R45 CodeSigning CA 2020..241029144436Z..241105144435Z0...0...$....oZ&....240813120056Z0...z..t{..|...210126064802Z0...b.....$......210222211006Z0...KOY7A.HI.._e..210222211004Z0...r..'wi..]..n..210222211002Z0....&......e...210222212203Z0...s..........S..210222212205Z0...<.r8>.,......240904080004Z0....!.Z.j.....o..240906101526Z0...&e.....U.....240916183602Z0...2p'.]A..AL..210225044747Z0+...>.".K.y..<...210226150613Z0.0...U.......0...6..C..M.1...210308171016Z0...5.L<ea..X|.e..210326070003Z0......%...R~..v..210528124802Z0...wP...:^....M..210709151203Z0...i#c~c...x0W...210406072402Z0...H.....?..a...210428153602Z0+..s...O...a.I..210503115753Z0.0...U.......0...Y.Y....^.^...210524083602Z0+....iW..(v..9...210604033751Z0.0...U.......0...~.T..!...h.}..210604164111Z0......q..k.0.u...210615133333Z0...\C...."{......210621174758Z0..._Kx.B.........210622165609Z0...*..U...$......210712152133Z0

                                                                                                C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
                                                                                                Category:dropped
                                                                                                Size (bytes):4770
                                                                                                Entropy (8bit):7.946747821604857
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:9/nBu64pydcvOHRUfu0xK1bQYMRSRNoYmxYvk56sHMZhh4m:9/nBuP2cGxUfu6K1bpWJ6vfh4m
                                                                                                MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
                                                                                                SHA1:719C37C320F518AC168C86723724891950911CEA
                                                                                                SHA-256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
                                                                                                SHA-512:02F88DA4B610678C31664609BCFA9D61DB8D0B0617649981AF948F670F41A6207B4EC19FECCE7385A24E0C609CBBF3F2B79A8ACAF09A03C2C432CC4DCE75E9DB
                                                                                                Malicious:false
                                                                                                Preview:MSCF............,...................O.................2Wqh .disallowedcert.stl....^K...CK.wTS...:.w.K'.C0T.....Bh.{....C.).*.....Y@...(..).R."E..D^6........u....|f~3...o.3. ..SPK.k.o#...."{-.U..P........:..aPr.@.d......Dy.h.....)..:...!./\A.....A<I_<$...q.h..........'.....7....H...@`T..K.S.%...Y4..R.....`.....-....D...(..b..-c."...G.=.dx..S+..2.a.E....d.L...77J...c.[..@..iT&..^78..g....NW6.Ek..FY.F........cNt.O.*..R....*......D...... k........J.y...z.d...;.9_t...].@....yw..}.x....d.t..`f\K..;|.*h.X...4/.;.xT......q>.0...<...3...X..L$.&.,b.....\V....\......G..O..@..H3.....t..J..).x.?.{[..G>.7...<...^Q..z..Gw9P..d....i].n%K}.*z..2.Py...A..s...z..@...4..........4.....*Y.d..._Z.5.s..fl.C..#.K{9^.E...k..z.Ma..G.(.....5g. ...}.t.#4....$;.,....S@fs....k......u .^2.#_...I........;.......w..P...UCY...$;.S._|.x..dK...[i..q..^.l..A.?.....'N.. .L.l......m.*.+f#]............A.;.....Z..rIt....RW....Kr1e=8.=.z:Oi.z.d..r..C_......o...]j.N;.s....3@3.dgrv.

                                                                                                C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):1712
                                                                                                Entropy (8bit):7.620888567247171
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:DDwiqXhFVYJZy76dszxdu6PMPhZYMvV0wo:5VyWAxIksZYMZo
                                                                                                MD5:0036C7F3034883C50AB8770F4B77045C
                                                                                                SHA1:171AF8EAB9C0912B556F085E2FEC04345154AA8D
                                                                                                SHA-256:3D799CB384DE12760B12F3B507FC082801A18015C10A6CB4A2FC833B1224B63B
                                                                                                SHA-512:2B3FCBD249E6C684B703D6BD81E368FA12B1EF51982D184A441800A7ABA9661279E4BFD1BE6E971F8B66A140A792CD4407FF1B618FE7ACF2CC341041C3427F9A
                                                                                                Malicious:false
                                                                                                Preview:0..........0.....+.....0......0...0......]...RM..j....4V[..9..20241029143132Z0s0q0I0...+..............B..M.%..Dg..5 .....F...x9...C.VP..;..w.......T..r...G....20241029143132Z....20241102143131Z0...*.H...............=%.DA.....Z..#:Z.!.hb...)..$..Tg.....0...k7.bo .U.{.=..........o(!o.>.cQO.PB....phn.Q.....Hd...GC...k..I/.R...Hn.9Z..-.f....G..g.?...p(nu.i..b..c=.......R....i..,..lW.GGI.L.f2P..I..x{..e.Cv....4-Z.KG..12..R=p..}...FK...x4.......N....<...J..I....0...0...0.............l..w..Q......0...*.H........0S1.0...U....BE1.0...U....GlobalSign nv-sa1)0'..U... GlobalSign Code Signing Root R450...240417032406Z..241115000000Z0g1.0...U....BE1.0...U....GlobalSign nv-sa1=0;..U...4GlobalSign Code Signing Root R45 - OCSP 1.2 202408070.."0...*.H.............0.........\..L2...........t.....A~iK.N./.;.x...d.}...#.L!.7[PE#...Lce..s.9......v....4...5.R.YN.e.:.T.l.P...../..8g?zq.....>......g&#..:.l?.x.......nC#......?...p.{6..).u.S.........c..A...#.;L..o...7.~.x+q..D|5.i

                                                                                                C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1D627669EFC8CD4F21BCF387D97F9B5_E818918BC57803438E0E0146A88425A7

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):1680
                                                                                                Entropy (8bit):7.633697772176036
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:+sU22Ck1tkG8b7nIxCw5DgSUnpU446J8WpNTE:FcCk1tkvb7n4Cw5MSiw6mOTE
                                                                                                MD5:774C41BFFEAC2F39CAF9D4D9E5B1C269
                                                                                                SHA1:6995001BDB15C04ED44B7C49C4DD1D006FFC9F0C
                                                                                                SHA-256:AE55743B397EA98C721BBE2323C085C257ECA1E81C90D7126727B5B688FF3418
                                                                                                SHA-512:AB045893C033CADED4F08EC56215534E26C792BA9632A650604C2FB9E3DD174B019C92D7C59AD9E8352FAC6C21D60F3BBC06ADC53B1D1032A3B5878C05A3113C
                                                                                                Malicious:false
                                                                                                Preview:0..........0.....+.....0.....r0..n0............`...H,.&...=...20241029143304Z0o0m0E0...+...........r...nK..._..[.Q.....$..kw...Y.!gdv.x..vF...M...k3....20241029143304Z....20241102143303Z0...*.H................s>..T.p.K..<...m.f.c.k$h".K.....OD.=.}^E...f)0;.......k....a....H.c...<.|C..GX...HbD..`....HPb.........]Bv.D..?.fv.....g-..lE.V......d.W.Y.}.F.S.Up.........H[t.b.a1.t.Yw.t.~.?Q..>..]+.z_t...2.E.9..f....$..'r$.O?...~.A.@...2.:.`..b4f.Q-........0...0...0..........f3...z.....0...*.H........0Y1.0...U....BE1.0...U....GlobalSign nv-sa1/0-..U...&GlobalSign GCC R45 CodeSigning CA 20200...240920234113Z..241221234112Z0Z1.0...U....BE1.0...U....GlobalSign nv-sa100...U...'gsgccr45codesignca2020CA OCSP Responder0.."0...*.H.............0.........+..6b.I...$...f.C.K?}.s...r;.y.m,]q.....@.N.2..x.F5Y........%.).....>.yH.....*.\.9.<..ns..,..jQ.....~..V.N..Y.........8.a..Rg..A3....[.p<......by..Y.y...9....7%.%.i$..I..T~........2i....R..rW..~.!..e...;....\.9;<L.._..I.Fe.

                                                                                                C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50385F8EB1F713E33924A830D7A2A41C

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):1435
                                                                                                Entropy (8bit):7.4788830223435685
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:qB4wjIZwoqELj163NJZO0UQF7YS6Q1hGTKa/UzuhruWQZNokJ5/3:vXuoFEZO0J9YS6AK3/U+ufJR3
                                                                                                MD5:F02A93B8FC29E79176EC504BE405CA76
                                                                                                SHA1:D4D6635BF298C774FFCA7FCC78745D1D8F239A4E
                                                                                                SHA-256:FDDB178A63E771B728483B38F1942AB6E55A9A22499EFBB3790477044AA06E46
                                                                                                SHA-512:A949C07BE3C32B73B16B42BB49EB2A88E0F54F9B909E1B0F801CE00C7D67D0BFB588E579F28E518AF6B037E9828019CA01E41E606584BBC5F7D9BFDE796413B7
                                                                                                Malicious:false
                                                                                                Preview:0..........0.....+.....0.....}0..y0.......#J./....%UB....S..i..20241029142022Z0s0q0I0...+..........h.$..*y.u.3.V..G.....K...E$.MP.c.........x..BEp.A.o...T....20241029142022Z....20241102142021Z0...*.H.................K.^....E....J.......z.............0.B@M...A.h....f>@I.Z.il.4.T;...5a.../..M.,g.K....)?.{7{..k.]T..>..."..w.6..B..c..j..."...lp.......JT[P....)4Gg....K.'V... ......X.......D'p29..V<.I./.}H.V.|..&T...S2.RGD..a....'....Oc..tz})r. ...v...G..wM.m...0...0...0.............l.=}.....?^..h0...*.H........0L1 0...U....GlobalSign Root CA - R31.0...U....GlobalSign1.0...U....GlobalSign0...240417032334Z..241115000000Z0Y1.0...U....BE1.0...U....GlobalSign nv-sa1/0-..U...&GlobalSign Root R3 - OCSP 1.2 202408070.."0...*.H.............0..........(....n..7>...;.Y...'.C...5..C;/d...q........W.}..I\.[..7Yb...m....2..il.7=...r..}.....d?e...}x=!.q.fR.{.....Sd.wf=...`;{.;.B...G..:..xI.Y......Z..BU....'...i..a..#..i........M|.-.}.?:a".'...w...-......./F0.Aw.......q..o......t.....{

                                                                                                C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD92F95DED26541D3AF7F44DC7914843

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):721
                                                                                                Entropy (8bit):7.509448772658927
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:iyKyEmS4gh0PmHKN1htQkNvWOJ4egFUtv9uw4IbPaOgUfLFa1xXHmfhHPmUKYF1n:isPS4ghBCjvWPegFUNrLa+Lk1VF38n
                                                                                                MD5:F62EB6FC89FCB2E84A96665DCEB28095
                                                                                                SHA1:9E0D2B2164EE619BD27290210E72804D7202077B
                                                                                                SHA-256:DB1288D243E86E05F5C16D9BACA7FF66F2F174C237E01C17419F3D8FB067F537
                                                                                                SHA-512:412792594C68BF2C109DB2E05C50CA1035E2FF66B9B406EEB7643272F8C3B5B40A186EC498D47933680CAAEB347EAB656C7E70D753D22BA57241D0E93DD5B699
                                                                                                Malicious:false
                                                                                                Preview:0...0.....0...*.H........0S1.0...U....BE1.0...U....GlobalSign nv-sa1)0'..U... GlobalSign Code Signing Root R45..241007000000Z..250115000000Z./0-0...U.......0...U.#..0......F...x9...C.VP..;0...*.H..............p.!.....bE...K..~.&u.3.>.,............L.........l..v....2..Um.c..0..#...\.Q.b4.R.Q^..`$[.?B....=....G......M.....N*l.a.b...M.A......k.....3./s?.|c....&bx$.^....6.=...H..p...8oe..]]<$......t...q..t5Kaw.YV.A.7f...s).4U..<..._9.P..:..9.[.S.:F..C.s..^_.'.A.........1.=...i.+j.,....m........Y.g.......`.d..]a.....f.D.!5.6$.h....7.`......;..a..*d.....u..........Hk..J.m..B.jM.P......~....$}..\^P.n..F.Y...n...P...WG....L.Y...D.S......k...w.f?...LK.......+...#F....4..*pGcG.)/%.D~.1..o...s.M.B.e?P

                                                                                                C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A62E94087F64223B9812F11186592BA

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):222
                                                                                                Entropy (8bit):2.7772562789012345
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:kkFklIS6+kfllXlE/HgzlllllgRlR8rHelJlWlLltUKlrlxUXW4mgelSlj:kKRS7qllgDpWhliKxlxUDmgrj
                                                                                                MD5:B2CA6D8CFFD1B38D9E17626E2FF4B58C
                                                                                                SHA1:1182CA2BD798D96C800196D9847A9AFC7669A3ED
                                                                                                SHA-256:053F50D17ED1A44AE4DB79E075537C108F9A2E9FE4EBCBFD7FA4F01B6D202354
                                                                                                SHA-512:37974CE8D80A2229FF88C087E89FC02A98B12B98BEB1778558867223F1CB6A3F8635B949757C59B29B8F0D4B2FBEA65F67FF18FD1429275738A772A3810E6884
                                                                                                Malicious:false
                                                                                                Preview:p...... ....j......R%*..(....................................................... ........"...*......................h.t.t.p.:././.c.r.l...g.l.o.b.a.l.s.i.g.n...c.o.m./.g.s.g.c.c.r.4.5.c.o.d.e.s.i.g.n.c.a.2.0.2.0...c.r.l...

                                                                                                C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):338
                                                                                                Entropy (8bit):3.174857563182266
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:kkFkllAZfllXlE/0htlX16pFRltB+SliQlP8F+RlTRe86A+iRlERMta9b3+AL0Wy:kKQN+SkQlPlEGYRMY9z+s3Ql2DUevat
                                                                                                MD5:CD60C6D6737C745C64691D3CD2DBCEBD
                                                                                                SHA1:56BF6BEB9A967A6FF703A3F5BA64EB614285E28A
                                                                                                SHA-256:2889E9A5F703CD0853DCF8EC3A196202EC250E545E379E783BEE7DA19B27CFE6
                                                                                                SHA-512:2E936A3DBCAB7A1902CCAD17A6EFDDA86681BAEEF8C564B1F15AAAC565E65C74579BAF986F8D2AFB73FF707C92A0F8DB6909C13E97E68102A145F4A52382055B
                                                                                                Malicious:false
                                                                                                Preview:p...... ........O..-%*..(....................................................... .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...

                                                                                                C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):532
                                                                                                Entropy (8bit):3.9923996611540007
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:TGoNyY/DWzJqe3KQj22iv8sFF1gUeMalCrlQNlVgfMceOT0YQ:ThyY/DgJRjYvP+U7uCKlCMcF0YQ
                                                                                                MD5:66745CA6FE3F2DFFD461A4C74082C96F
                                                                                                SHA1:68BDFE6D3F5C90E8D6D04951B3056E2B26970E49
                                                                                                SHA-256:72BC284C365213DECA5515C66E172F192278B716295B6001FF520DC373802788
                                                                                                SHA-512:CC98AC17F1ACADE53BC0AC84EB1C437E9F119C4DA772D4B91D3B81CDDF9314D91FD5926B4E9C2D0A23148B23109AF66AD34B4B4C6BD0AF6B8FD8A6BEFBF4F3FC
                                                                                                Malicious:false
                                                                                                Preview:p...... ....J....D.R%*..(................:.?.*......3-......................3-.. ........:.?.*......V...............h.t.t.p.:././.o.c.s.p...g.l.o.b.a.l.s.i.g.n...c.o.m./.c.o.d.e.s.i.g.n.i.n.g.r.o.o.t.r.4.5./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.Q.V.F.Z.P.5.v.q.h.C.r.t.R.N.5.S.W.f.4.0.R.n.6.N.M.1.I.A.Q.U.H.w.C.%.2.F.R.o.A.K.%.2.F.H.g.5.t.6.W.0.Q.9.l.W.U.L.v.O.l.j.s.C.E.H.e.9.D.g.O.h.t.w.j.4.V.K.s.G.c.h.D.Z.B.E.c.%.3.D...".1.7.1.a.f.8.e.a.b.9.c.0.9.1.2.b.5.5.6.f.0.8.5.e.2.f.e.c.0.4.3.4.5.1.5.4.a.a.8.d."...

                                                                                                C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1D627669EFC8CD4F21BCF387D97F9B5_E818918BC57803438E0E0146A88425A7

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):544
                                                                                                Entropy (8bit):3.9395462513168633
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:YEH48l/HfDWzf79bLgLzK8sFAY6ealztksMSJeXpDG4:DY8tHfDgz9YLmvqY6m7pC4
                                                                                                MD5:8A7C53D392FF84DDD81C7E780E32B52F
                                                                                                SHA1:E14069D8CB588425150EC5788716B29BA2687DF1
                                                                                                SHA-256:5C2493692BDCC855EE11354D546905A8A09CB07C177423FC9BF30F8290C9CD23
                                                                                                SHA-512:5EA05D688C6CB5039C4E12E7F2F74B8CA4E924D2F9EB0B9C84A457B0E066222C0CB3A37566777E6966520266D195FECD770756277552284060284E54016C6EA0
                                                                                                Malicious:false
                                                                                                Preview:p...... ....V.....R%*..(................P.v.*......4-......................4-.. ........P.v.*......V...............h.t.t.p.:././.o.c.s.p...g.l.o.b.a.l.s.i.g.n...c.o.m./.g.s.g.c.c.r.4.5.c.o.d.e.s.i.g.n.c.a.2.0.2.0./.M.E.0.w.S.z.B.J.M.E.c.w.R.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.L.u.A.3.y.g.n.K.W.%.2.F.7.x.u.S.x.%.2.F.0.9.F.%.2.B.h.H.V.u.E.U.Q.Q.U.2.r.O.N.w.C.S.Q.o.2.t.3.0.w.y.g.W.d.0.h.Z.2.R.2.C.3.g.C.D.H.Z.G.D.p.D.i.h.E.2.3.%.2.B.Y.N.r.M.w.%.3.D.%.3.D...".6.9.9.5.0.0.1.b.d.b.1.5.c.0.4.e.d.4.4.b.7.c.4.9.c.4.d.d.1.d.0.0.6.f.f.c.9.f.0.c."...

                                                                                                C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50385F8EB1F713E33924A830D7A2A41C

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):508
                                                                                                Entropy (8bit):3.9706591420994912
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:gTRLZMjVDWzFU8iv8sFt4QAfROA/pULrKYGIvemxf:OLZyVDgFUhv/ofROS6Lrxeef
                                                                                                MD5:464024F517CE9976EFC1B9C07548A33C
                                                                                                SHA1:7595C519B9FC826AB2BF7F568C80172E03D156DC
                                                                                                SHA-256:4C46C2CAFE7D475D55D17C63BEA51316A7E786AA8423442693A9050A8A831D62
                                                                                                SHA-512:DEF00CC3D7DC420118A56A8C55425BED882080C194D965A22A9AA691EE28B60B91552FE439CB0EAC673CBEADE27C06F38D976C502AE80AC08CD6F2F04E3BDB89
                                                                                                Malicious:false
                                                                                                Preview:p...... ....2.....d@%*..(................Wf..*....tY2-....................tY2-.. ........Wf..*......V...............h.t.t.p.:././.o.c.s.p...g.l.o.b.a.l.s.i.g.n...c.o.m./.r.o.o.t.r.3./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.1.n.G.h.%.2.F.J.B.j.W.K.n.k.P.d.Z.I.z.B.1.b.q.h.e.l.H.B.w.Q.U.j.%.2.F.B.L.f.6.g.u.R.S.S.u.T.V.D.6.Y.5.q.L.3.u.L.d.G.7.w.C.E.H.g.D.G.E.J.F.c.I.p.B.z.2.8.B.u.O.6.0.q.V.Q.%.3.D...".d.4.d.6.6.3.5.b.f.2.9.8.c.7.7.4.f.f.c.a.7.f.c.c.7.8.7.4.5.d.1.d.8.f.2.3.9.a.4.e."...

                                                                                                C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD92F95DED26541D3AF7F44DC7914843

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):214
                                                                                                Entropy (8bit):2.704690219929331
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:kkFklnlRwhvfllXlE/lBRwblR8rHelJlWlLltUKlAmqel1KlKLNlMu1j:kKOwhyLupWhliKemqe3KQjMIj
                                                                                                MD5:5ADED064FE474039B778B88A22310A03
                                                                                                SHA1:225A4C1677741BCB315D0E57712389C61AF0F3B0
                                                                                                SHA-256:3D4328272C5BC736926B9553CEB5A96CAF121366ADAEE679D55776127B8345FF
                                                                                                SHA-512:EEB27FC22D5C2AA91C3D8F985288153AF6932022E4E3A9C62565A66322A93003CFD641BC8924F297502D2DF427D9B1ABAFAF1903EC4EB3F80CD468C779383455
                                                                                                Malicious:false
                                                                                                Preview:p...... ....b...e..R%*..(....................................................... .........3.K.......................h.t.t.p.:././.c.r.l...g.l.o.b.a.l.s.i.g.n...c.o.m./.c.o.d.e.s.i.g.n.i.n.g.r.o.o.t.r.4.5...c.r.l...

                                                                                                C:\Windows\Temp\~DF1D68A25D9EB316F1.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DF49649112289761ED.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):32768
                                                                                                Entropy (8bit):1.5507394891373292
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:Ic5tT3PjkEhWOVbpUGkOzs9t4H7qKsGkOzs9FOulKW:L5tz7kapIw7qK2K
                                                                                                MD5:D824C34173451D7A8A5846B0F0783E0B
                                                                                                SHA1:F172BC7A881997D158FA6D4296F29762E27867A8
                                                                                                SHA-256:33473AF11B94AE5AFFDCC40731DAD5C9420828575FD15F238EF2225528B3E0FF
                                                                                                SHA-512:627D17FE11721E13F108E87785FBAAF954CC998E09278C34E52F86AFE218AD017C2F9AD0C0476AD378E2AC8EE07A8EABC2948E4F76428532D6A1A3B060FEE389
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DF549F7F686D014070.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):20480
                                                                                                Entropy (8bit):1.9702481706040955
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:YhU1DFTTkEhWOVbpUGkOzs9t4H7qKsGkOzs9FOulKW:11ZXkapIw7qK2K
                                                                                                MD5:578EDF21D8020715EE271CD36DAD54C1
                                                                                                SHA1:73615EBB3495A822512846263BFD6D7AC8654E4E
                                                                                                SHA-256:3321E5705868006AB786D009087533CC13552BEA0E81DD5F32591E6D468C0E9E
                                                                                                SHA-512:5CC39952D8B7AB56D8468027E93E96CD2086523CB235E27E42D95ED5A8B108383BF63F238E990B61EFAE3E7E988880A5FD93EEEE983B39F324C93BE0AA93327C
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DF5903583D1FF3E44E.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DF5B3F3D97000D85E1.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):32768
                                                                                                Entropy (8bit):0.06922452476682561
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKObr10+TNNEdWRLQVky6lS:2F0i8n0itFzDHFa+pN0iS
                                                                                                MD5:1C9682AC1798C75177814F9706CCA15B
                                                                                                SHA1:F6DE4A4543670A03B2D4C7FC5990A3EDA0E707AB
                                                                                                SHA-256:A69BC090416B42500D854ECE1914DA1D7403D448D219EE5CC17103423088A23A
                                                                                                SHA-512:A2DF9F94116202EB5FC7B6677FD284EE2D0609A5A0F50B06F32CD9BCF5E60AACC07562EF20C1EA1034014D7BF88DC58287D5926460CB6A45FCF90FF50FBE314A
                                                                                                Malicious:false
                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DF69983B8D9E93C771.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):20480
                                                                                                Entropy (8bit):1.9702481706040955
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:YhU1DFTTkEhWOVbpUGkOzs9t4H7qKsGkOzs9FOulKW:11ZXkapIw7qK2K
                                                                                                MD5:578EDF21D8020715EE271CD36DAD54C1
                                                                                                SHA1:73615EBB3495A822512846263BFD6D7AC8654E4E
                                                                                                SHA-256:3321E5705868006AB786D009087533CC13552BEA0E81DD5F32591E6D468C0E9E
                                                                                                SHA-512:5CC39952D8B7AB56D8468027E93E96CD2086523CB235E27E42D95ED5A8B108383BF63F238E990B61EFAE3E7E988880A5FD93EEEE983B39F324C93BE0AA93327C
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DF6B9E8091C3A2E56D.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):32768
                                                                                                Entropy (8bit):1.5507394891373292
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:Ic5tT3PjkEhWOVbpUGkOzs9t4H7qKsGkOzs9FOulKW:L5tz7kapIw7qK2K
                                                                                                MD5:D824C34173451D7A8A5846B0F0783E0B
                                                                                                SHA1:F172BC7A881997D158FA6D4296F29762E27867A8
                                                                                                SHA-256:33473AF11B94AE5AFFDCC40731DAD5C9420828575FD15F238EF2225528B3E0FF
                                                                                                SHA-512:627D17FE11721E13F108E87785FBAAF954CC998E09278C34E52F86AFE218AD017C2F9AD0C0476AD378E2AC8EE07A8EABC2948E4F76428532D6A1A3B060FEE389
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DF6EDFFD5D53F3641A.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DF7213E1D3B9FF115C.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):73728
                                                                                                Entropy (8bit):0.2936153881025568
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:WlKWJ0aqKsGkOzs9UpUGkOzs9t4HCZOqkEh:AKKqKBpIwWk
                                                                                                MD5:C5E360F55A757D1F5A959CE90EC37050
                                                                                                SHA1:403701C6C6D5C5CACFCBC4238FF26C1FC7AEC65B
                                                                                                SHA-256:B6416E564E25A0617185101A083AFB7ECDABF52CDD9D53F80BF056C548469EF1
                                                                                                SHA-512:C65A403C7659F210FD1CEAFC0EF3C2575BB09AB833B4BCFFAFB0353A98770AEB5D4CF2DB200C1AE7D9739289D33BDCA6BC453BEFAAB6A6101A1829414525ADDC
                                                                                                Malicious:false
                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DFBA83223C3E4FEFF2.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):32768
                                                                                                Entropy (8bit):1.5507394891373292
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:Ic5tT3PjkEhWOVbpUGkOzs9t4H7qKsGkOzs9FOulKW:L5tz7kapIw7qK2K
                                                                                                MD5:D824C34173451D7A8A5846B0F0783E0B
                                                                                                SHA1:F172BC7A881997D158FA6D4296F29762E27867A8
                                                                                                SHA-256:33473AF11B94AE5AFFDCC40731DAD5C9420828575FD15F238EF2225528B3E0FF
                                                                                                SHA-512:627D17FE11721E13F108E87785FBAAF954CC998E09278C34E52F86AFE218AD017C2F9AD0C0476AD378E2AC8EE07A8EABC2948E4F76428532D6A1A3B060FEE389
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DFE60ABF5300CEFCCC.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DFE6BF8ED199B0F265.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                Static File Info

                                                                                                General

                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                Entropy (8bit):7.997852853008998
                                                                                                TrID:
                                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                File name:J4zGPhVRV3.exe
                                                                                                File size:25'298'721 bytes
                                                                                                MD5:3bca758ce1d5c3858ac8e10a2a38b514
                                                                                                SHA1:0f9de1a1b10f85941f89dbf603cc587323e2c003
                                                                                                SHA256:55cb5fa83a98b9d7cc70cad5fe59f44f8d48956b363df2fbf7ad649b9c4970e5
                                                                                                SHA512:1ff9f246d91931832fda34437e6453edf2bbc5af45214f4d55a9ee615a73ed912fe6dfa6680158ce4af46fc4c4dc95a7b573a0d59c5a78f24a8617a3bc0f7c55
                                                                                                SSDEEP:786432:D3Li0WVudC2IXJ4nSeS2jEfqJQTsrYT3sbmz:fivoierplTssbm
                                                                                                TLSH:D3473316E3E601D0C77BA2359067CD0BF63238CA1A21868712F45B693F73B759E3AB15
                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.2.`.\.`.\.`.\..y..h.\..y....\..y..m.\.....b.\...X.r.\..._.j.\...Y.Y.\.i...i.\.i...b.\.i...g.\.`.].C.\...Y.R.\...\.a.\.....a.\

                                                                                                File Icon

                                                                                                Icon Hash:7d6d7d51754d0d24

                                                                                                Static PE Info

                                                                                                General

                                                                                                Entrypoint:0x140032ee0
                                                                                                Entrypoint Section:.text
                                                                                                Digitally signed:false
                                                                                                Imagebase:0x140000000
                                                                                                Subsystem:windows gui
                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                Time Stamp:0x66409723 [Sun May 12 10:17:07 2024 UTC]
                                                                                                TLS Callbacks:
                                                                                                CLR (.Net) Version:
                                                                                                OS Version Major:5
                                                                                                OS Version Minor:2
                                                                                                File Version Major:5
                                                                                                File Version Minor:2
                                                                                                Subsystem Version Major:5
                                                                                                Subsystem Version Minor:2
                                                                                                Import Hash:b1c5b1beabd90d9fdabd1df0779ea832

                                                                                                Entrypoint Preview

                                                                                                Instruction
                                                                                                dec eax
                                                                                                sub esp, 28h
                                                                                                call 00007FD38869A9C8h
                                                                                                dec eax
                                                                                                add esp, 28h
                                                                                                jmp 00007FD38869A35Fh
                                                                                                int3
                                                                                                int3
                                                                                                dec eax
                                                                                                mov eax, esp
                                                                                                dec eax
                                                                                                mov dword ptr [eax+08h], ebx
                                                                                                dec eax
                                                                                                mov dword ptr [eax+10h], ebp
                                                                                                dec eax
                                                                                                mov dword ptr [eax+18h], esi
                                                                                                dec eax
                                                                                                mov dword ptr [eax+20h], edi
                                                                                                inc ecx
                                                                                                push esi
                                                                                                dec eax
                                                                                                sub esp, 20h
                                                                                                dec ebp
                                                                                                mov edx, dword ptr [ecx+38h]
                                                                                                dec eax
                                                                                                mov esi, edx
                                                                                                dec ebp
                                                                                                mov esi, eax
                                                                                                dec eax
                                                                                                mov ebp, ecx
                                                                                                dec ecx
                                                                                                mov edx, ecx
                                                                                                dec eax
                                                                                                mov ecx, esi
                                                                                                dec ecx
                                                                                                mov edi, ecx
                                                                                                inc ecx
                                                                                                mov ebx, dword ptr [edx]
                                                                                                dec eax
                                                                                                shl ebx, 04h
                                                                                                dec ecx
                                                                                                add ebx, edx
                                                                                                dec esp
                                                                                                lea eax, dword ptr [ebx+04h]
                                                                                                call 00007FD3886997E3h
                                                                                                mov eax, dword ptr [ebp+04h]
                                                                                                and al, 66h
                                                                                                neg al
                                                                                                mov eax, 00000001h
                                                                                                sbb edx, edx
                                                                                                neg edx
                                                                                                add edx, eax
                                                                                                test dword ptr [ebx+04h], edx
                                                                                                je 00007FD38869A4F3h
                                                                                                dec esp
                                                                                                mov ecx, edi
                                                                                                dec ebp
                                                                                                mov eax, esi
                                                                                                dec eax
                                                                                                mov edx, esi
                                                                                                dec eax
                                                                                                mov ecx, ebp
                                                                                                call 00007FD38869C507h
                                                                                                dec eax
                                                                                                mov ebx, dword ptr [esp+30h]
                                                                                                dec eax
                                                                                                mov ebp, dword ptr [esp+38h]
                                                                                                dec eax
                                                                                                mov esi, dword ptr [esp+40h]
                                                                                                dec eax
                                                                                                mov edi, dword ptr [esp+48h]
                                                                                                dec eax
                                                                                                add esp, 20h
                                                                                                inc ecx
                                                                                                pop esi
                                                                                                ret
                                                                                                int3
                                                                                                int3
                                                                                                int3
                                                                                                dec eax
                                                                                                sub esp, 48h
                                                                                                dec eax
                                                                                                lea ecx, dword ptr [esp+20h]
                                                                                                call 00007FD388688D73h
                                                                                                dec eax
                                                                                                lea edx, dword ptr [00025747h]
                                                                                                dec eax
                                                                                                lea ecx, dword ptr [esp+20h]
                                                                                                call 00007FD38869B5C2h
                                                                                                int3
                                                                                                jmp 00007FD3886A17A4h
                                                                                                int3
                                                                                                int3
                                                                                                int3
                                                                                                int3
                                                                                                int3
                                                                                                int3

                                                                                                Rich Headers

                                                                                                Programming Language:
                                                                                                • [ C ] VS2008 SP1 build 30729
                                                                                                • [IMP] VS2008 SP1 build 30729

                                                                                                Data Directories

                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x597a00x34.rdata
                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x597d40x50.rdata
                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x700000x1afec.rsrc
                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x6a0000x306c.pdata
                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x8b0000x970.reloc
                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x536c00x54.rdata
                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x537800x28.rdata
                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x4b3f00x140.rdata
                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x480000x508.rdata
                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x588bc0x120.rdata
                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                Sections

                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                .text0x10000x4676e0x46800f06bb06e02377ae8b223122e53be35c2False0.5372340425531915data6.47079645411382IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                .rdata0x480000x128c40x12a002de06d4a6920a6911e64ff20000ea72fFalse0.4499003775167785data5.273999097784603IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                .data0x5b0000xe75c0x1a000dbdb901a7d477980097e42e511a94fbFalse0.28275240384615385data3.2571023907881185IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                .pdata0x6a0000x306c0x3200b0ce0f057741ad2a4ef4717079fa34e9False0.483359375data5.501810413666288IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                .didat0x6e0000x3600x4001fcc7b1d7a02443319f8fcc2be4ca936False0.2578125data3.0459938492946015IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                _RDATA0x6f0000x15c0x2003f331ec50f09ba861beaf955b33712d5False0.408203125data3.3356393424384843IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                .rsrc0x700000x1afec0x1b000aba98e9b76b495732b08c5ff383222b3False0.4563802083333333data6.599280879597481IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                .reloc0x8b0000x9700xa0077a9ddfc47a5650d6eebbcc823e39532False0.52421875data5.336289720085303IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                Resources

                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                PNG0x705240x7b82PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9970586374849769
                                                                                                RT_ICON0x780a80x10828Device independent bitmap graphic, 128 x 256 x 32, image size 675840.21535253756062936
                                                                                                RT_DIALOG0x888d00x2badata0.5286532951289399
                                                                                                RT_DIALOG0x88b8c0x13adata0.6560509554140127
                                                                                                RT_DIALOG0x88cc80xf2data0.71900826446281
                                                                                                RT_DIALOG0x88dbc0x14adata0.6
                                                                                                RT_DIALOG0x88f080x314data0.47588832487309646
                                                                                                RT_DIALOG0x8921c0x24adata0.6279863481228669
                                                                                                RT_STRING0x894680x1fcdata0.421259842519685
                                                                                                RT_STRING0x896640x246data0.41924398625429554
                                                                                                RT_STRING0x898ac0x1a6data0.514218009478673
                                                                                                RT_STRING0x89a540xdcdata0.65
                                                                                                RT_STRING0x89b300x470data0.3873239436619718
                                                                                                RT_STRING0x89fa00x164data0.5056179775280899
                                                                                                RT_STRING0x8a1040x110data0.5772058823529411
                                                                                                RT_STRING0x8a2140x158data0.4563953488372093
                                                                                                RT_STRING0x8a36c0xe8data0.5948275862068966
                                                                                                RT_STRING0x8a4540x1c6data0.5242290748898678
                                                                                                RT_STRING0x8a61c0x268data0.4837662337662338
                                                                                                RT_GROUP_ICON0x8a8840x14data1.15
                                                                                                RT_MANIFEST0x8a8980x753XML 1.0 document, ASCII text, with CRLF line terminators0.39786666666666665

                                                                                                Imports

                                                                                                DLLImport
                                                                                                KERNEL32.dllLocalFree, GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, GlobalMemoryStatusEx, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, HeapReAlloc, LCMapStringW, FindFirstFileExA
                                                                                                OLEAUT32.dllSysAllocString, SysFreeString, VariantClear
                                                                                                gdiplus.dllGdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc

                                                                                                Network Behavior

                                                                                                Network Port Distribution

                                                                                                TCP Packets

                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                Oct 29, 2024 16:52:00.136460066 CET49742443192.168.2.796.6.160.189
                                                                                                Oct 29, 2024 16:52:00.136499882 CET4434974296.6.160.189192.168.2.7
                                                                                                Oct 29, 2024 16:52:00.136751890 CET49742443192.168.2.796.6.160.189
                                                                                                Oct 29, 2024 16:52:00.136872053 CET49742443192.168.2.796.6.160.189
                                                                                                Oct 29, 2024 16:52:00.136883974 CET4434974296.6.160.189192.168.2.7
                                                                                                Oct 29, 2024 16:52:00.864991903 CET4434974296.6.160.189192.168.2.7
                                                                                                Oct 29, 2024 16:52:00.878959894 CET49742443192.168.2.796.6.160.189
                                                                                                Oct 29, 2024 16:52:00.878981113 CET4434974296.6.160.189192.168.2.7
                                                                                                Oct 29, 2024 16:52:00.880425930 CET4434974296.6.160.189192.168.2.7
                                                                                                Oct 29, 2024 16:52:00.880500078 CET49742443192.168.2.796.6.160.189
                                                                                                Oct 29, 2024 16:52:00.947820902 CET49742443192.168.2.796.6.160.189
                                                                                                Oct 29, 2024 16:52:00.948043108 CET49742443192.168.2.796.6.160.189
                                                                                                Oct 29, 2024 16:52:00.948060036 CET4434974296.6.160.189192.168.2.7
                                                                                                Oct 29, 2024 16:52:00.990199089 CET49742443192.168.2.796.6.160.189
                                                                                                Oct 29, 2024 16:52:00.990211010 CET4434974296.6.160.189192.168.2.7
                                                                                                Oct 29, 2024 16:52:01.037065029 CET49742443192.168.2.796.6.160.189
                                                                                                Oct 29, 2024 16:52:01.072777987 CET4434974296.6.160.189192.168.2.7
                                                                                                Oct 29, 2024 16:52:01.072875023 CET4434974296.6.160.189192.168.2.7
                                                                                                Oct 29, 2024 16:52:01.072916985 CET49742443192.168.2.796.6.160.189
                                                                                                Oct 29, 2024 16:52:01.073899031 CET49742443192.168.2.796.6.160.189
                                                                                                Oct 29, 2024 16:52:01.073921919 CET4434974296.6.160.189192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.639050961 CET572448080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:14.644000053 CET572458080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:14.644869089 CET808057244111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.644953966 CET5724680192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:14.644999027 CET572448080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:14.649626970 CET572485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:14.649728060 CET80805724565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.650913954 CET8057246111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.650998116 CET5724680192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:14.651000977 CET572458080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:14.653266907 CET572475651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:14.653996944 CET572495651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:14.654020071 CET572448080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:14.654040098 CET572448080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:14.655548096 CET565157248111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.656317949 CET572485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:14.658929110 CET565157247111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.659507990 CET572475651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:14.659665108 CET56515724965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.659687042 CET808057244111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.659698009 CET808057244111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.660648108 CET572495651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:14.665102959 CET572458080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:14.665128946 CET572458080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:14.665236950 CET5724680192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:14.665250063 CET5724680192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:14.665469885 CET572475651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:14.665482044 CET572475651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:14.665618896 CET572495651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:14.665618896 CET572495651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:14.665623903 CET572485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:14.665623903 CET572485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:14.670474052 CET80805724565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.670522928 CET80805724565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.670536041 CET8057246111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.670562983 CET8057246111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.670770884 CET565157247111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.670809031 CET565157247111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.670950890 CET56515724965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.670973063 CET56515724965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.670989037 CET565157248111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:14.671000957 CET565157248111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:15.520262957 CET565157248111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:15.520323992 CET572485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:15.520447969 CET572485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:15.525897026 CET565157248111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:15.581471920 CET572515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:15.586858034 CET565157251111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:15.586927891 CET572515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:15.587331057 CET572515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:15.587450027 CET572515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:15.592711926 CET565157251111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:15.593257904 CET565157251111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:16.434659958 CET565157251111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:16.434818029 CET572515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:16.437947035 CET572515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:16.443370104 CET565157251111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:16.501621962 CET572525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:16.507337093 CET565157252111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:16.507590055 CET572525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:16.510412931 CET572525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:16.510432005 CET572525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:16.515816927 CET565157252111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:16.515830040 CET565157252111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:17.367275953 CET565157252111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:17.369683981 CET572525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:17.440885067 CET572525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:17.446630955 CET565157252111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:17.613629103 CET572545651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:17.619529963 CET565157254111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:17.619720936 CET572545651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:17.639888048 CET572545651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:17.639888048 CET572545651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:17.645855904 CET565157254111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:17.645962000 CET565157254111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:18.470547915 CET565157254111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:18.472274065 CET572545651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:18.472327948 CET572545651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:18.477720022 CET565157254111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:18.537255049 CET572605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:18.543863058 CET565157260111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:18.544039011 CET572605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:18.544594049 CET572605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:18.544670105 CET572605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:18.551014900 CET565157260111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:18.551182032 CET565157260111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:19.303352118 CET572615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:19.308825016 CET565157261111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:19.308901072 CET572615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:19.316405058 CET572615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:19.316452026 CET572615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:19.321847916 CET565157261111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:19.321978092 CET565157261111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:19.402128935 CET565157260111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:19.402415037 CET572605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:19.402746916 CET572605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:19.408173084 CET565157260111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:19.526329994 CET572625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:19.531985998 CET565157262111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:19.532424927 CET572625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:19.533135891 CET572625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:19.533194065 CET572625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:19.538518906 CET565157262111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:19.538553953 CET565157262111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:20.252782106 CET565157261111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:20.252903938 CET572615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:20.252983093 CET572615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:20.258527040 CET565157261111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:20.286967039 CET572635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:20.292438030 CET565157263111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:20.292515993 CET572635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:20.293920040 CET572635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:20.293960094 CET572635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:20.299674988 CET565157263111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:20.299684048 CET565157263111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:20.377671957 CET565157262111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:20.377742052 CET572625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:20.377803087 CET572625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:20.383455038 CET565157262111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:20.397573948 CET572645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:20.408268929 CET565157264111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:20.408554077 CET572645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:20.410439968 CET572645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:20.410439968 CET572645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:20.415719986 CET565157264111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:20.415828943 CET565157264111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:21.223319054 CET565157263111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:21.223388910 CET572635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:21.223551989 CET572635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:21.229212046 CET565157263111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:21.268279076 CET572655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:21.273821115 CET565157265111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:21.273899078 CET572655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:21.274851084 CET572655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:21.274851084 CET572655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:21.279639959 CET565157265111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:21.279716969 CET572655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:21.279835939 CET572655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:21.280210018 CET565157265111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:21.280227900 CET565157265111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:21.285187006 CET565157265111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:21.285594940 CET565157265111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:21.335371017 CET565157264111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:21.335448027 CET572645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:21.335541010 CET572645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:21.340941906 CET565157264111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:21.378933907 CET572665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:21.384468079 CET565157266111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:21.384557009 CET572665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:21.385143995 CET572665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:21.385159969 CET572665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:21.390499115 CET565157266111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:21.390512943 CET565157266111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:22.228689909 CET565157266111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:22.228760004 CET572665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:22.228821039 CET572665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:22.234118938 CET565157266111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:22.255585909 CET572675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:22.261017084 CET565157267111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:22.261178970 CET572675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:22.262180090 CET572675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:22.262209892 CET572675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:22.267504930 CET565157267111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:22.267570019 CET565157267111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.108068943 CET565157267111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.108222008 CET572675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.108280897 CET572675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.113691092 CET565157267111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.127600908 CET572685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.134390116 CET80805724565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.134471893 CET572458080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.134573936 CET572458080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.135411978 CET565157268111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.135489941 CET572685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.135773897 CET808057244111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.135834932 CET572448080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.136212111 CET572448080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.137157917 CET572685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.137181997 CET572685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.141568899 CET80805724565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.141771078 CET808057244111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.141830921 CET8057246111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.142034054 CET5724680192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.142086983 CET5724680192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.142592907 CET565157268111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.142673016 CET565157268111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.144638062 CET56515724965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.144701958 CET572495651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.144738913 CET572495651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.147512913 CET8057246111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.149931908 CET565157268111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.150221109 CET56515724965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.168325901 CET565157247111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.168395996 CET572475651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.168453932 CET572475651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.173885107 CET565157247111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.282223940 CET572695651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.283262014 CET5727080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.283338070 CET572718080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.284611940 CET572725651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.285948992 CET572735651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.287595987 CET572748080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.287616014 CET565157269111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.288614988 CET8057270111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.288623095 CET572695651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.288681030 CET5727080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.288923025 CET808057271111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.289002895 CET572718080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.289731026 CET5727080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.289757013 CET5727080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.289810896 CET572718080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.289825916 CET572718080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.289972067 CET572695651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.289998055 CET572695651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.290066957 CET56515727265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.290136099 CET572725651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.290540934 CET572725651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.290540934 CET572725651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.292033911 CET565157273111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.292104959 CET572735651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.292809963 CET572735651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.292834997 CET572735651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.293376923 CET80805727465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.293482065 CET572748080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.293828964 CET572748080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.293828964 CET572748080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.294753075 CET565157269111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.294796944 CET8057270111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.294799089 CET572695651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.294848919 CET572695651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.294867039 CET5727080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.294945002 CET808057271111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.295011044 CET572718080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.295062065 CET5727080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.295196056 CET8057270111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.295207977 CET8057270111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.295219898 CET808057271111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.295226097 CET808057271111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.295447111 CET565157269111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.295459032 CET565157269111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.295569897 CET56515727265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.295618057 CET572725651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.295912027 CET56515727265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.295924902 CET56515727265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.295979023 CET572718080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.296056032 CET572725651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.297667980 CET565157273111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.297743082 CET572735651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.298129082 CET565157273111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.298141956 CET565157273111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.298772097 CET572735651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.298897028 CET80805727465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.298960924 CET572748080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.299153090 CET80805727465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.299195051 CET80805727465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.300326109 CET565157269111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.300338984 CET565157269111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.300349951 CET8057270111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.300360918 CET808057271111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.300375938 CET8057270111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.300885916 CET56515727265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.301208973 CET808057271111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.301320076 CET56515727265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.303085089 CET565157273111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.304049969 CET565157273111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.304296970 CET80805727465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.377868891 CET572758080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.378593922 CET572768080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.380958080 CET572785651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.381779909 CET572795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.383109093 CET5728080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.383141041 CET808057275111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.383198023 CET572758080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.383342981 CET572775651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.383707047 CET572758080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.383735895 CET572758080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.383924007 CET80805727665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.383975029 CET572768080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.385687113 CET572768080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.385729074 CET572768080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.386478901 CET56515727865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.386527061 CET572785651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.387178898 CET565157279111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.387231112 CET572795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.387695074 CET572795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.387708902 CET572795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.388075113 CET572785651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.388087988 CET572785651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:23.388391018 CET8057280111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.388430119 CET5728080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.388653994 CET565157277111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.388709068 CET572775651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.389022112 CET808057275111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.389075994 CET808057275111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.390639067 CET5728080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.390686989 CET5728080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.390747070 CET572775651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.390773058 CET572775651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.391195059 CET80805727665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.391206026 CET80805727665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.393142939 CET565157279111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.393152952 CET565157279111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.393275976 CET565157279111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.393378019 CET56515727865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.393611908 CET56515727865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.394160032 CET8057280111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.394321918 CET5728080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.394357920 CET565157277111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.394464016 CET572775651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.395982981 CET8057280111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.396039963 CET8057280111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.396069050 CET565157277111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.396079063 CET565157277111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.397192955 CET5728080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.397690058 CET572775651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.399666071 CET8057280111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.399781942 CET565157277111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.402628899 CET8057280111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.403021097 CET565157277111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.475716114 CET572815651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.479931116 CET572825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.480669975 CET5728380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.481143951 CET565157281111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.481367111 CET572815651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.482032061 CET572815651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.482044935 CET572815651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.485285044 CET565157282111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.485382080 CET572825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.485974073 CET8057283111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.486105919 CET5728380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.486589909 CET572825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.486634970 CET572825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:23.486838102 CET5728380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.486897945 CET5728380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:23.487524033 CET565157281111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.487565041 CET565157281111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.491913080 CET565157282111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.491983891 CET565157282111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.492122889 CET8057283111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:23.492172956 CET8057283111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:24.347685099 CET565157282111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:24.348090887 CET572825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:24.348090887 CET572825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:24.353560925 CET565157282111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:24.438328981 CET572845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:24.443758011 CET565157284111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:24.443872929 CET572845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:24.444331884 CET572845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:24.444370031 CET572845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:24.449959993 CET565157284111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:24.449990034 CET565157284111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:25.273597956 CET565157284111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:25.273689985 CET572845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:25.273960114 CET572845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:25.279467106 CET565157284111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:25.324109077 CET572855651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:25.329734087 CET565157285111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:25.329830885 CET572855651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:25.330030918 CET572855651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:25.330030918 CET572855651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:25.335541964 CET565157285111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:25.336206913 CET565157285111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:26.158657074 CET565157285111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:26.158814907 CET572855651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:26.158814907 CET572855651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:26.164203882 CET565157285111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:26.184783936 CET572865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:26.190418959 CET565157286111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:26.190962076 CET572865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:26.190962076 CET572865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:26.190962076 CET572865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:26.196353912 CET565157286111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:26.197663069 CET565157286111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:27.074795961 CET565157286111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:27.074911118 CET572865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:27.074949980 CET572865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:27.080451012 CET565157286111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:27.168659925 CET572875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:27.174206018 CET565157287111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:27.174299955 CET572875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:27.174488068 CET572875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:27.174488068 CET572875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:27.179816961 CET565157287111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:27.181135893 CET565157287111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:28.083988905 CET565157287111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:28.084053040 CET572875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:28.084125996 CET572875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:28.089458942 CET565157287111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:28.156300068 CET572885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:28.162163973 CET565157288111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:28.162234068 CET572885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:28.162436008 CET572885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:28.162453890 CET572885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:28.168329954 CET565157288111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:28.168395996 CET565157288111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:29.082232952 CET565157288111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:29.082293987 CET572885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:29.082346916 CET572885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:29.087635040 CET565157288111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:29.140135050 CET572895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:29.145498037 CET565157289111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:29.145598888 CET572895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:29.145809889 CET572895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:29.145843983 CET572895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:29.151134014 CET565157289111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:29.151532888 CET565157289111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:29.990401030 CET565157289111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:29.990466118 CET572895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:29.990530968 CET572895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:29.995980978 CET565157289111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:30.026473045 CET572905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:30.032113075 CET565157290111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:30.032221079 CET572905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:30.032520056 CET572905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:30.032520056 CET572905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:30.037883043 CET565157290111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:30.037910938 CET565157290111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:30.858988047 CET565157290111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:30.859056950 CET572905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:30.859118938 CET572905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:30.864460945 CET565157290111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:30.889633894 CET572915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:30.895061970 CET565157291111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:30.895140886 CET572915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:30.895378113 CET572915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:30.895391941 CET572915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:30.900729895 CET565157291111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:30.901113033 CET565157291111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.740633011 CET565157291111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.740746021 CET572915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:31.740788937 CET572915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:31.746134043 CET565157291111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.775604010 CET572925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:31.780870914 CET565157292111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.780932903 CET572925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:31.781167984 CET572925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:31.781179905 CET572925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:31.786576986 CET565157292111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.786587954 CET565157292111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.873106003 CET56515727865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.873246908 CET572785651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:31.873270035 CET572785651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:31.876780033 CET80805727665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.876832962 CET572768080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:31.876874924 CET572768080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:31.878659964 CET56515727865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.882386923 CET80805727665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.889187098 CET808057275111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.889280081 CET572758080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.889395952 CET572758080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.894778967 CET808057275111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.964246035 CET565157281111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.964334965 CET572815651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.964477062 CET572815651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.964586020 CET8057283111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.964648008 CET5728380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.964684010 CET5728380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.969733953 CET565157281111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.969959974 CET8057283111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.983886003 CET572938080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.984287024 CET572945651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.985676050 CET572955651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:31.986105919 CET5729680192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.993169069 CET808057293111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.993231058 CET572938080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.993341923 CET565157294111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.993486881 CET572945651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.993659973 CET56515729565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.993730068 CET572955651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:31.993730068 CET8057296111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.993805885 CET5729680192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.994344950 CET572938080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.994469881 CET572945651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.994471073 CET572938080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.994524956 CET572945651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.994543076 CET572955651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:31.994604111 CET572955651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:31.994604111 CET5729680192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.994617939 CET5729680192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:31.997056961 CET572978080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:31.999581099 CET808057293111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.999919891 CET808057293111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.999931097 CET565157294111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.999946117 CET565157294111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.999965906 CET56515729565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:31.999985933 CET56515729565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.000031948 CET8057296111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.000061035 CET8057296111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.003073931 CET80805729765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.003132105 CET572978080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.003346920 CET572978080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.003495932 CET572978080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.006938934 CET808057293111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.007143974 CET565157294111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.007239103 CET56515729565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.007534027 CET8057296111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.008631945 CET80805729765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.008671045 CET80805729765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.008723021 CET572978080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.008748055 CET80805729765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.011029959 CET572978080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.014036894 CET80805729765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.016324997 CET80805729765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.107253075 CET572985651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:32.107331038 CET5729980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:32.107594013 CET573008080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:32.107882023 CET573015651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.107978106 CET573028080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.112622023 CET565157298111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.112709045 CET572985651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:32.112858057 CET8057299111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.112915993 CET808057300111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.112926960 CET572985651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:32.112926960 CET572985651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:32.113007069 CET5729980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:32.113010883 CET573008080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:32.113146067 CET5729980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:32.113163948 CET5729980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:32.113177061 CET56515730165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.113203049 CET573008080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:32.113214016 CET573008080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:32.113239050 CET573015651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.113310099 CET80805730265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.113384008 CET573015651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.113395929 CET573015651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.113451958 CET573028080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.113564014 CET573028080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.113564014 CET573028080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.118242025 CET565157298111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.118319035 CET565157298111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.118541002 CET8057299111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.118606091 CET8057299111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.118619919 CET808057300111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.118632078 CET808057300111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.118710041 CET56515730165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.118771076 CET56515730165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.118942976 CET80805730265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.118980885 CET80805730265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.119134903 CET80805730265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.203347921 CET573038080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.208822966 CET80805730365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.208901882 CET573038080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.209095001 CET573038080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.209108114 CET573038080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:32.214550972 CET80805730365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.214925051 CET80805730365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.626384020 CET565157292111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.626450062 CET572925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:32.626528025 CET572925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:32.631968021 CET565157292111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.636507034 CET573045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:32.641936064 CET565157304111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.642005920 CET573045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:32.642187119 CET573045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:32.642199039 CET573045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:32.647533894 CET565157304111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:32.647546053 CET565157304111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:33.526698112 CET565157304111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:33.526757956 CET573045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:33.526804924 CET573045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:33.532959938 CET565157304111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:33.632657051 CET573055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:33.638156891 CET565157305111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:33.638232946 CET573055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:33.638474941 CET573055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:33.638484955 CET573055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:33.643821001 CET565157305111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:33.643832922 CET565157305111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:34.468179941 CET565157305111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:34.468334913 CET573055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:34.468375921 CET573055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:34.473973989 CET565157305111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:34.510518074 CET573065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:34.515995026 CET565157306111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:34.516057014 CET573065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:34.516287088 CET573065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:34.516300917 CET573065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:34.522273064 CET565157306111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:34.522578955 CET565157306111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:35.397131920 CET565157306111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:35.397200108 CET573065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:35.397255898 CET573065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:35.402857065 CET565157306111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:35.481899023 CET573075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:35.487375975 CET565157307111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:35.487462044 CET573075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:35.487776995 CET573075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:35.487787962 CET573075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:35.493247986 CET565157307111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:35.494008064 CET565157307111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:36.334182024 CET565157307111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:36.334263086 CET573075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:36.334306002 CET573075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:36.339715004 CET565157307111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:36.364743948 CET573085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:36.370033979 CET565157308111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:36.370140076 CET573085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:36.370332956 CET573085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:36.370332956 CET573085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:36.375675917 CET565157308111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:36.376003981 CET565157308111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:37.213813066 CET565157308111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:37.213905096 CET573085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:37.214191914 CET573085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:37.219501972 CET565157308111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:37.235435963 CET573095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:37.240752935 CET565157309111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:37.240813971 CET573095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:37.241106987 CET573095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:37.241117954 CET573095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:37.246362925 CET565157309111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:37.246629000 CET565157309111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:38.102106094 CET565157309111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:38.102264881 CET573095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:38.102638960 CET573095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:38.108445883 CET565157309111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:38.229782104 CET573105651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:38.235165119 CET565157310111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:38.235335112 CET573105651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:38.235451937 CET573105651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:38.235476017 CET573105651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:38.240823984 CET565157310111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:38.241238117 CET565157310111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:39.081962109 CET565157310111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:39.082235098 CET573105651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:39.082235098 CET573105651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:39.087764978 CET565157310111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:39.112658978 CET573115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:39.117969036 CET565157311111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:39.121769905 CET573115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:39.128071070 CET573115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:39.128134966 CET573115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:39.133431911 CET565157311111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:39.133462906 CET565157311111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:39.959937096 CET565157311111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:39.961469889 CET573115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:39.963089943 CET573115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:39.968389988 CET565157311111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.089412928 CET573125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:40.094907999 CET565157312111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.094973087 CET573125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:40.095211029 CET573125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:40.095211029 CET573125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:40.101485968 CET565157312111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.101808071 CET565157312111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.595398903 CET56515730165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.595464945 CET573015651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:40.595524073 CET573015651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:40.595875025 CET808057300111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.595932007 CET573008080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.595985889 CET573008080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.596236944 CET565157298111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.596286058 CET572985651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.596434116 CET572985651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.599159002 CET8057299111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.599226952 CET5729980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.599260092 CET5729980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.601399899 CET56515730165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.601630926 CET808057300111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.601764917 CET565157298111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.605057001 CET8057299111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.624125957 CET5731380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.629425049 CET8057313111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.629512072 CET5731380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.629681110 CET5731380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.629695892 CET5731380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.635632038 CET8057313111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.635643005 CET8057313111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.636660099 CET573145651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:40.638219118 CET573155651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.638313055 CET573168080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.641969919 CET56515731465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.642038107 CET573145651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:40.642199993 CET573145651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:40.642210960 CET573145651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:40.643714905 CET565157315111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.643726110 CET808057316111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.643805981 CET573168080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.643805981 CET573155651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.643958092 CET573155651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.643970966 CET573155651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.644048929 CET573168080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.644076109 CET573168080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:40.647614002 CET56515731465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.647948027 CET56515731465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.650804996 CET565157315111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.650815010 CET565157315111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.650825977 CET808057316111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.650835991 CET808057316111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.692293882 CET80805730365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.692358971 CET573038080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:40.692398071 CET573038080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:40.698327065 CET80805730365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.733464003 CET573188080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:40.738971949 CET80805731865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.739032030 CET573188080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:40.739233017 CET573188080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:40.739305973 CET573188080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:40.744580030 CET80805731865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.744592905 CET80805731865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.940618038 CET565157312111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.940733910 CET573125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:40.940783978 CET573125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:40.946145058 CET565157312111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.949706078 CET573195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:40.955039024 CET565157319111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.955128908 CET573195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:40.955298901 CET573195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:40.955310106 CET573195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:40.960804939 CET565157319111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:40.960841894 CET565157319111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:41.805840015 CET565157319111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:41.805939913 CET573195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:41.805978060 CET573195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:41.811469078 CET565157319111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:41.826785088 CET573215651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:41.832144022 CET565157321111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:41.832210064 CET573215651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:41.832396030 CET573215651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:41.832406998 CET573215651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:41.837642908 CET565157321111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:41.837702990 CET565157321111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:42.693799973 CET565157321111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:42.694053888 CET573215651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:42.694216967 CET573215651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:42.699477911 CET565157321111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:42.701029062 CET573225651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:42.706443071 CET565157322111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:42.706520081 CET573225651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:42.706774950 CET573225651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:42.706799984 CET573225651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:42.712109089 CET565157322111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:42.712163925 CET565157322111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:42.809437037 CET573245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:42.815490961 CET565157324111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:42.815576077 CET573245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:42.815752029 CET573245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:42.815766096 CET573245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:42.821774960 CET565157324111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:42.821790934 CET565157324111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:43.554927111 CET565157322111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:43.556741953 CET573225651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:43.556796074 CET573225651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:43.562129974 CET565157322111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:43.577599049 CET573255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:43.582887888 CET565157325111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:43.583775997 CET573255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:43.583972931 CET573255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:43.583972931 CET573255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:43.589312077 CET565157325111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:43.589368105 CET565157325111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:43.696074009 CET565157324111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:43.696134090 CET573245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:43.696193933 CET573245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:43.701487064 CET565157324111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:43.795145035 CET573265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:43.800575972 CET565157326111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:43.801820040 CET573265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:43.802036047 CET573265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:43.802069902 CET573265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:43.807388067 CET565157326111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:43.807398081 CET565157326111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:44.421905994 CET565157325111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:44.421972990 CET573255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:44.422041893 CET573255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:44.427401066 CET565157325111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:44.450310946 CET573275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:44.455629110 CET565157327111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:44.455703974 CET573275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:44.455879927 CET573275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:44.455908060 CET573275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:44.461574078 CET565157327111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:44.461585045 CET565157327111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:44.640661001 CET565157326111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:44.640736103 CET573265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:44.640793085 CET573265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:44.646163940 CET565157326111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:44.702030897 CET573285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:44.707498074 CET565157328111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:44.707958937 CET573285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:44.708177090 CET573285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:44.711066008 CET573285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:44.713771105 CET565157328111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:44.716502905 CET565157328111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:45.323678017 CET565157327111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:45.323744059 CET573275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:45.323812962 CET573275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:45.329452991 CET565157327111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:45.435049057 CET573295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:45.440634012 CET565157329111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:45.440749884 CET573295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:45.440988064 CET573295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:45.441001892 CET573295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:45.446428061 CET565157329111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:45.446470022 CET565157329111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:45.538228035 CET565157328111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:45.540869951 CET573285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:45.540869951 CET573285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:45.546351910 CET565157328111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:45.657507896 CET573305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:45.663068056 CET565157330111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:45.663187981 CET573305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:45.663398981 CET573305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:45.663398981 CET573305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:45.668966055 CET565157330111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:45.668998003 CET565157330111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:46.265053988 CET565157329111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:46.265130997 CET573295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:46.265172005 CET573295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:46.270461082 CET565157329111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:46.310594082 CET573315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:46.315864086 CET565157331111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:46.315947056 CET573315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:46.316131115 CET573315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:46.316204071 CET573315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:46.321445942 CET565157331111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:46.321455956 CET565157331111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:46.501116037 CET565157330111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:46.501228094 CET573305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:46.501228094 CET573305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:46.506692886 CET565157330111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:46.540673971 CET573325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:46.545918941 CET565157332111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:46.545995951 CET573325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:46.546199083 CET573325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:46.546224117 CET573325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:46.551595926 CET565157332111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:46.551606894 CET565157332111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:47.170922041 CET565157331111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:47.170994043 CET573315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:47.171052933 CET573315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:47.176573038 CET565157331111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:47.189342976 CET573335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:47.194695950 CET565157333111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:47.194844007 CET573335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:47.195084095 CET573335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:47.195166111 CET573335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:47.200402975 CET565157333111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:47.200470924 CET565157333111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:47.387495995 CET565157332111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:47.387851000 CET573325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:47.387908936 CET573325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:47.394730091 CET565157332111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:47.412553072 CET573345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:47.417910099 CET565157334111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:47.418065071 CET573345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:47.419130087 CET573345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:47.419142962 CET573345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:47.424447060 CET565157334111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:47.424458027 CET565157334111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:48.050832987 CET565157333111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:48.050976038 CET573335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:48.050976038 CET573335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:48.056288958 CET565157333111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:48.069360971 CET573355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:48.075103045 CET565157335111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:48.075337887 CET573355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:48.075520992 CET573355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:48.075520992 CET573355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:48.080977917 CET565157335111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:48.080991983 CET565157335111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:48.282079935 CET565157334111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:48.282202959 CET573345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:48.282242060 CET573345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:48.287539959 CET565157334111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:48.391865015 CET573365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:48.397289038 CET565157336111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:48.397759914 CET573365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:48.397993088 CET573365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:48.398008108 CET573365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:48.403320074 CET565157336111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:48.403332949 CET565157336111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.114187956 CET8057313111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.115854979 CET5731380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.115919113 CET5731380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.121292114 CET8057313111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.131138086 CET565157315111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.131815910 CET573155651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.131866932 CET573155651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.131905079 CET56515731465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.132371902 CET808057316111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.132431030 CET573145651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.132468939 CET573168080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.132468939 CET573145651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.132849932 CET573168080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.137135983 CET565157315111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.137907028 CET56515731465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.138138056 CET808057316111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.154293060 CET565157335111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.155942917 CET573355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:49.155942917 CET573355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:49.161231041 CET565157335111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.172504902 CET573375651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.174429893 CET5733880192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.177808046 CET565157337111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.179646015 CET573375651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.179857969 CET573375651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.180047989 CET573375651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.180206060 CET8057338111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.180399895 CET5733880192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.180615902 CET5733880192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.180629015 CET5733880192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.185091972 CET565157337111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.185352087 CET565157337111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.185904026 CET8057338111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.186141968 CET8057338111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.197710037 CET573395651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.203078985 CET56515733965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.203151941 CET573395651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.203357935 CET573395651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.203366995 CET573395651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.208648920 CET56515733965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.208658934 CET56515733965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.212379932 CET573408080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.217796087 CET808057340111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.217860937 CET573408080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.218030930 CET573408080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.218044043 CET573408080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:49.219213009 CET80805731865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.219273090 CET573188080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.219302893 CET573188080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.223469973 CET808057340111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.223548889 CET808057340111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.224654913 CET80805731865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.252250910 CET565157336111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.252357006 CET573365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:49.252408028 CET573365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:49.257734060 CET565157336111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.264924049 CET573418080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.268132925 CET573425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:49.270412922 CET80805734165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.270497084 CET573418080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.270807981 CET573418080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.270831108 CET573418080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.273839951 CET565157342111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.275727987 CET573425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:49.278383017 CET573425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:49.278536081 CET573425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:49.280531883 CET80805734165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.280617952 CET80805734165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.283746004 CET565157342111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.283791065 CET565157342111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.292345047 CET80805734165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.292568922 CET565157342111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.374066114 CET573438080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.376416922 CET573445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:49.379498005 CET80805734365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.379578114 CET573438080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.379770994 CET573438080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.379786968 CET573438080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:49.381772041 CET565157344111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.381843090 CET573445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:49.381980896 CET573445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:49.382004976 CET573445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:49.385166883 CET80805734365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.385268927 CET80805734365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.387496948 CET565157344111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:49.387705088 CET565157344111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:50.263580084 CET565157344111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:50.263725996 CET573445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:50.263762951 CET573445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:50.269180059 CET565157344111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:50.356782913 CET573455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:50.362399101 CET565157345111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:50.362557888 CET573455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:50.362746954 CET573455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:50.362747908 CET573455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:50.368057966 CET565157345111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:50.368104935 CET565157345111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:51.207645893 CET565157345111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:51.207884073 CET573455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:51.207884073 CET573455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:51.213325977 CET565157345111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:51.233613014 CET573465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:51.239140987 CET565157346111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:51.239242077 CET573465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:51.239427090 CET573465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:51.239439964 CET573465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:51.244716883 CET565157346111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:51.244736910 CET565157346111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:52.086730003 CET565157346111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:52.086793900 CET573465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:52.086839914 CET573465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:52.092236042 CET565157346111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:52.119621992 CET573475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:52.124942064 CET565157347111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:52.125020027 CET573475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:52.125216007 CET573475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:52.125227928 CET573475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:52.130990982 CET565157347111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:52.131009102 CET565157347111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:52.980465889 CET565157347111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:52.980667114 CET573475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:52.980668068 CET573475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:52.986160994 CET565157347111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:53.091523886 CET573485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:53.098227024 CET565157348111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:53.098339081 CET573485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:53.098557949 CET573485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:53.098576069 CET573485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:53.105168104 CET565157348111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:53.105180979 CET565157348111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:53.943866014 CET565157348111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:53.945792913 CET573485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:53.968951941 CET573485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:53.974457026 CET565157348111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:54.059566975 CET573495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:54.065049887 CET565157349111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:54.065167904 CET573495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:54.065512896 CET573495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:54.065512896 CET573495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:54.070950985 CET565157349111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:54.071075916 CET565157349111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:54.928098917 CET565157349111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:54.928179979 CET573495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:54.928251028 CET573495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:54.933588982 CET565157349111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:54.954708099 CET573505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:54.960221052 CET565157350111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:54.960437059 CET573505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:54.960618019 CET573505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:54.964047909 CET573505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:54.966206074 CET565157350111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:54.969337940 CET565157350111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:55.860215902 CET565157350111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:55.864456892 CET573505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:55.864500999 CET573505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:55.870003939 CET565157350111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:55.934462070 CET573515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:55.939860106 CET565157351111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:55.941751003 CET573515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:55.941987038 CET573515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:55.942001104 CET573515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:55.947308064 CET565157351111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:55.947325945 CET565157351111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:56.812103987 CET565157351111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:56.812170029 CET573515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:56.812218904 CET573515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:56.817615032 CET565157351111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:56.932393074 CET573525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:56.937835932 CET565157352111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:56.937931061 CET573525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:56.938126087 CET573525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:56.938162088 CET573525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:56.943442106 CET565157352111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:56.943746090 CET565157352111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.696743011 CET565157337111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.696997881 CET56515733965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.697077036 CET573375651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.697103024 CET8057338111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.697153091 CET573375651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.697153091 CET573395651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:57.697156906 CET5733880192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.700001955 CET573395651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:57.700082064 CET808057340111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.700167894 CET573408080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.702436924 CET5733880192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.702481985 CET565157337111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.705025911 CET573408080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.705293894 CET56515733965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.707873106 CET8057338111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.710333109 CET808057340111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.796361923 CET573535651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.796979904 CET5735480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.801702023 CET565157353111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.802337885 CET8057354111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.802437067 CET573535651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.802619934 CET5735480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.802619934 CET5735480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.802661896 CET5735480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.802679062 CET573535651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.802679062 CET573535651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.806482077 CET573555651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:57.808063984 CET8057354111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.808075905 CET8057354111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.808106899 CET565157353111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.808116913 CET565157353111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.812572002 CET56515735565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.816327095 CET573555651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:57.816665888 CET573555651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:57.816679955 CET573555651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:57.821715117 CET573568080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.821945906 CET56515735565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.822026968 CET56515735565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.824047089 CET565157352111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.827208042 CET808057356111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.827265978 CET573525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:57.827286959 CET573568080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.827330112 CET573525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:57.827713966 CET573568080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.827724934 CET573568080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:52:57.832604885 CET565157352111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.833008051 CET808057356111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.833019018 CET808057356111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.896697998 CET80805734365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.899960041 CET573438080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:57.903907061 CET573438080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:57.905319929 CET573575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:57.909183979 CET80805734365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.910624981 CET565157357111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.910711050 CET573575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:57.910900116 CET573575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:57.910911083 CET573575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:57.916189909 CET565157357111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:57.916296959 CET565157357111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:58.015396118 CET573588080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:58.020976067 CET80805735865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:58.021038055 CET573588080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:58.021249056 CET573588080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:58.021275043 CET573588080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:52:58.026745081 CET80805735865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:58.026763916 CET80805735865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:52:58.768970966 CET565157357111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:58.769028902 CET573575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:58.769081116 CET573575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:58.774390936 CET565157357111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:58.778906107 CET573595651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:58.784249067 CET565157359111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:58.784388065 CET573595651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:58.784925938 CET573595651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:58.784949064 CET573595651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:58.790350914 CET565157359111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:58.790369987 CET565157359111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:59.624006033 CET565157359111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:59.624075890 CET573595651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:59.624124050 CET573595651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:59.629470110 CET565157359111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:59.652791977 CET573605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:59.658150911 CET565157360111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:59.658224106 CET573605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:59.658402920 CET573605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:59.658402920 CET573605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:52:59.663783073 CET565157360111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:52:59.663799047 CET565157360111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:00.503973961 CET565157360111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:00.504087925 CET573605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:00.504147053 CET573605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:00.509546995 CET565157360111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:00.542435884 CET573615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:00.547976971 CET565157361111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:00.548052073 CET573615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:00.548321962 CET573615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:00.548347950 CET573615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:00.553875923 CET565157361111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:00.554194927 CET565157361111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:01.394778013 CET565157361111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:01.394850969 CET573615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:01.394915104 CET573615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:01.400451899 CET565157361111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:01.403429985 CET573625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:01.408850908 CET565157362111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:01.408925056 CET573625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:01.409116983 CET573625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:01.409140110 CET573625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:01.414452076 CET565157362111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:01.414488077 CET565157362111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:02.325757980 CET565157362111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:02.328090906 CET573625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:02.328140974 CET573625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:02.333569050 CET565157362111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:02.390183926 CET573635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:02.395562887 CET565157363111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:02.396014929 CET573635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:02.396490097 CET573635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:02.396513939 CET573635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:02.401817083 CET565157363111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:02.401828051 CET565157363111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:03.295763016 CET565157363111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:03.295890093 CET573635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:03.295989990 CET573635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:03.301479101 CET565157363111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:03.377352953 CET573645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:03.382879972 CET565157364111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:03.382951021 CET573645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:03.383219957 CET573645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:03.383352041 CET573645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:03.388606071 CET565157364111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:03.388714075 CET565157364111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:04.251506090 CET565157364111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:04.251650095 CET573645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:04.251698017 CET573645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:04.257138968 CET565157364111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:04.357352018 CET573655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:04.362909079 CET565157365111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:04.363039970 CET573655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:04.363230944 CET573655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:04.363244057 CET573655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:04.368762970 CET565157365111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:04.368896008 CET565157365111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.221318007 CET565157365111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.221437931 CET573655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.221468925 CET573655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.226754904 CET565157365111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.235431910 CET573665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.241166115 CET565157366111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.241306067 CET573665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.241476059 CET573665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.241488934 CET573665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.246844053 CET565157366111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.246860027 CET565157366111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.246870995 CET565157366111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.344305992 CET573675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.349889994 CET565157367111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.349961042 CET573675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.350295067 CET573675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.350295067 CET573675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.355824947 CET565157367111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.355849028 CET565157367111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.356164932 CET565157367111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.528723955 CET573685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.534167051 CET565157368111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.534313917 CET573685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.534523964 CET573685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.534565926 CET573685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.539946079 CET565157368111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.540014982 CET565157368111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.540024996 CET565157368111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.561564922 CET573695651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.567014933 CET565157369111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.568337917 CET573695651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.568471909 CET573695651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.568484068 CET573695651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.574376106 CET565157369111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.574397087 CET565157369111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.574407101 CET565157369111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.574470043 CET573695651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.574541092 CET573695651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.579791069 CET565157369111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.579817057 CET565157369111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.674292088 CET573705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.679799080 CET565157370111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.683926105 CET573705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.684223890 CET573705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.687892914 CET573705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:05.689937115 CET565157370111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:05.693489075 CET565157370111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.288027048 CET565157353111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.288198948 CET573535651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.288258076 CET573535651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.293634892 CET565157353111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.327797890 CET573715651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.332760096 CET56515735565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.332868099 CET573555651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.332926035 CET573555651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.333475113 CET565157371111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.334002972 CET808057356111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.334106922 CET573715651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.334109068 CET573568080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.334501028 CET573568080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.334736109 CET8057354111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.335217953 CET573715651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.335261106 CET5735480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.335297108 CET5735480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.336956978 CET573715651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.338349104 CET56515735565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.340390921 CET808057356111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.340486050 CET565157371111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.340591908 CET8057354111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.342283964 CET565157371111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.437448978 CET5737280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.437470913 CET573735651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.442821026 CET8057372111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.442866087 CET56515737365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.442953110 CET5737280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.442974091 CET573735651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.443159103 CET5737280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.443315983 CET5737280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.443339109 CET573735651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.443433046 CET573735651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.448419094 CET8057372111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.448618889 CET8057372111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.448632002 CET56515737365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.448892117 CET56515737365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.463326931 CET573748080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.468765974 CET808057374111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.469783068 CET573748080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.470016956 CET573748080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.473730087 CET573748080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:06.475516081 CET808057374111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.479265928 CET808057374111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.510191917 CET80805735865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.513798952 CET573588080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.513840914 CET573588080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.515264034 CET565157370111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.517770052 CET573705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.517821074 CET573705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.519347906 CET80805735865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.523226023 CET565157370111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.548125982 CET573758080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.548201084 CET573765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.553991079 CET80805737565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.554014921 CET565157376111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.554126978 CET573758080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.554450035 CET573758080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.554451942 CET573765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.554486990 CET573765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.554502010 CET573765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.554507971 CET573758080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.559819937 CET80805737565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.559895039 CET80805737565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.559906960 CET565157376111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.559912920 CET573758080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.559917927 CET565157376111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.559989929 CET573758080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.559993982 CET80805737565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.560513020 CET565157376111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.565195084 CET80805737565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.565289974 CET80805737565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.654473066 CET573775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.660281897 CET565157377111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.660423040 CET573775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.660671949 CET573775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.660698891 CET573775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.666132927 CET565157377111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.666142941 CET565157377111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.669128895 CET573788080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.675689936 CET80805737865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.675820112 CET573788080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.676024914 CET573788080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.676057100 CET573788080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:06.676188946 CET565157377111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.682442904 CET80805737865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.682452917 CET80805737865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.778179884 CET573795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.783883095 CET565157379111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.783967018 CET573795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.784161091 CET573795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.784161091 CET573795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.789572954 CET565157379111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.789592981 CET565157379111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.807642937 CET565157379111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.901957035 CET573805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.907417059 CET565157380111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.907561064 CET573805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.907887936 CET573805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.907910109 CET573805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.913079977 CET565157380111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.913161993 CET573805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.913222075 CET573805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.913307905 CET565157380111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.913319111 CET565157380111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.918771029 CET565157380111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.918781042 CET565157380111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.982002020 CET573815651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.987577915 CET565157381111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.987694025 CET573815651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.987894058 CET573815651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.987907887 CET573815651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:06.993221045 CET565157381111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:06.993253946 CET565157381111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:07.855882883 CET565157381111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:07.857846022 CET573815651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:07.857928991 CET573815651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:07.864345074 CET565157381111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:07.965799093 CET573825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:07.971884966 CET565157382111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:07.973783016 CET573825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:07.974050045 CET573825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:07.974071026 CET573825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:07.979441881 CET565157382111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:07.979542971 CET565157382111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:07.980047941 CET565157382111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.101804972 CET573835651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.107239008 CET565157383111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.107351065 CET573835651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.107584000 CET573835651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.107605934 CET573835651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.113106012 CET565157383111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.113193035 CET565157383111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.113420010 CET565157383111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.192101002 CET573845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.198244095 CET565157384111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.198379040 CET573845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.198553085 CET573845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.198553085 CET573845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.204418898 CET565157384111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.204431057 CET565157384111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.214905024 CET565157384111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.347598076 CET573855651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.353188038 CET565157385111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.353260040 CET573855651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.353616953 CET573855651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.353645086 CET573855651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.359368086 CET565157385111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.359380960 CET565157385111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.359385014 CET565157385111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.359535933 CET573855651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.359772921 CET573855651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.364964962 CET565157385111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.365041018 CET565157385111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.625767946 CET573865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.822829962 CET565157386111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.823002100 CET573865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.823379040 CET573865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.823410034 CET573865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:08.829137087 CET565157386111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:08.829180002 CET565157386111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:09.678374052 CET565157386111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:09.678457022 CET573865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:09.678494930 CET573865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:09.683994055 CET565157386111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:09.719168901 CET573875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:09.724970102 CET565157387111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:09.725035906 CET573875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:09.725224972 CET573875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:09.725239992 CET573875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:09.730581045 CET565157387111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:09.730592012 CET565157387111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:10.577383041 CET565157387111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:10.577641964 CET573875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:10.577706099 CET573875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:10.583250999 CET565157387111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:10.593436956 CET573885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:10.598954916 CET565157388111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:10.600286007 CET573885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:10.600555897 CET573885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:10.600573063 CET573885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:10.607168913 CET565157388111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:10.607182026 CET565157388111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:11.446970940 CET565157388111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:11.447046995 CET573885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:11.447088003 CET573885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:11.452594995 CET565157388111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:11.467405081 CET573895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:11.472960949 CET565157389111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:11.475910902 CET573895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:11.476147890 CET573895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:11.476147890 CET573895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:11.481520891 CET565157389111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:11.481544971 CET565157389111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:12.326725006 CET565157389111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:12.326853037 CET573895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:12.327126026 CET573895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:12.332406044 CET565157389111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:12.343869925 CET573905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:12.349200010 CET565157390111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:12.349343061 CET573905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:12.349670887 CET573905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:12.349711895 CET573905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:12.354993105 CET565157390111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:12.355134964 CET565157390111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:13.212497950 CET565157390111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:13.212579012 CET573905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:13.212639093 CET573905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:13.218291044 CET565157390111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:13.327771902 CET573915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:13.333379030 CET565157391111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:13.333467960 CET573915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:13.333640099 CET573915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:13.333730936 CET573915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:13.339072943 CET565157391111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:13.339123964 CET565157391111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.205257893 CET565157391111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.205355883 CET573915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:14.205425978 CET573915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:14.210804939 CET565157391111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.337518930 CET573925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:14.343132019 CET565157392111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.345797062 CET573925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:14.346024036 CET573925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:14.346035957 CET573925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:14.351434946 CET565157392111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.351445913 CET565157392111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.819417953 CET565157371111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.819490910 CET573715651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:14.819569111 CET573715651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:14.824942112 CET565157371111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.860126019 CET573935651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:14.865608931 CET565157393111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.865693092 CET573935651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:14.865892887 CET573935651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:14.865906000 CET573935651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:14.871335983 CET565157393111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.871356964 CET565157393111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.928543091 CET56515737365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.928711891 CET573735651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:14.928766012 CET573735651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:14.931917906 CET8057372111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.932002068 CET5737280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:14.932038069 CET5737280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:14.934165955 CET56515737365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.937524080 CET8057372111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.964020014 CET808057374111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.964292049 CET573748080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:14.965085983 CET573748080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:14.970463991 CET808057374111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.973048925 CET573945651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:14.973115921 CET5739580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:14.978596926 CET56515739465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.978611946 CET8057395111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.978678942 CET573945651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:14.978683949 CET5739580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:14.979008913 CET5739580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:14.979008913 CET5739580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:14.979032993 CET573945651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:14.979042053 CET573945651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:14.984436035 CET8057395111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.984472036 CET8057395111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.984486103 CET56515739465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:14.984497070 CET56515739465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:15.085277081 CET573968080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:15.091336012 CET808057396111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:15.091437101 CET573968080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:15.091655970 CET573968080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:15.091667891 CET573968080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:15.097079039 CET808057396111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:15.097093105 CET808057396111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:15.165338993 CET80805737865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:15.165476084 CET573788080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:15.165517092 CET573788080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:15.170815945 CET80805737865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:15.185398102 CET573978080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:15.190778017 CET80805739765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:15.190882921 CET573978080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:15.191138029 CET573978080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:15.191154003 CET573978080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:15.196479082 CET80805739765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:15.196492910 CET80805739765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:15.204757929 CET565157392111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:15.204870939 CET573925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:15.204914093 CET573925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:15.210263968 CET565157392111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:15.293812990 CET573985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:15.299340963 CET565157398111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:15.299499035 CET573985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:15.299740076 CET573985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:15.299757004 CET573985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:15.305145025 CET565157398111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:15.305324078 CET565157398111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:16.144875050 CET565157398111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:16.144964933 CET573985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:16.145051003 CET573985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:16.150584936 CET565157398111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:16.183603048 CET573995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:16.189173937 CET565157399111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:16.189270973 CET573995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:16.189507008 CET573995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:16.189542055 CET573995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:16.194837093 CET565157399111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:16.194951057 CET565157399111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:17.065362930 CET565157399111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:17.065457106 CET573995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:17.065591097 CET573995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:17.072603941 CET565157399111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:17.165723085 CET574005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:17.436208010 CET565157400111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:17.436336994 CET574005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:17.436670065 CET574005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:17.436681032 CET574005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:17.442908049 CET565157400111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:17.442929029 CET565157400111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:18.276199102 CET565157400111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:18.279810905 CET574005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:18.326898098 CET574005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:18.332225084 CET565157400111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:18.454658985 CET574015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:18.460155964 CET565157401111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:18.461788893 CET574015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:18.488737106 CET574015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:18.488786936 CET574015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:18.494180918 CET565157401111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:18.495726109 CET565157401111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:19.344649076 CET565157401111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:19.344729900 CET574015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:19.344809055 CET574015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:19.350574970 CET565157401111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:19.451334000 CET574035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:19.456686020 CET565157403111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:19.456790924 CET574035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:19.457046032 CET574035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:19.457063913 CET574035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:19.462385893 CET565157403111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:19.462404013 CET565157403111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:20.330082893 CET565157403111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:20.330187082 CET574035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:20.330245018 CET574035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:20.335738897 CET565157403111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:20.437585115 CET574055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:20.443109989 CET565157405111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:20.443195105 CET574055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:20.443432093 CET574055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:20.443458080 CET574055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:20.448705912 CET565157405111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:20.448774099 CET565157405111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:21.270673037 CET565157405111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:21.270766020 CET574055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:21.270817995 CET574055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:21.276109934 CET565157405111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:21.312588930 CET574065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:21.317975044 CET565157406111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:21.318041086 CET574065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:21.318295956 CET574065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:21.318311930 CET574065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:21.323873043 CET565157406111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:21.323894024 CET565157406111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.233167887 CET565157406111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.233277082 CET574065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:23.233490944 CET574065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:23.238802910 CET565157406111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.287513018 CET574075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:23.292952061 CET565157407111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.293030024 CET574075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:23.294399023 CET574075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:23.294451952 CET574075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:23.299746990 CET565157407111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.299846888 CET565157407111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.348793983 CET565157393111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.348929882 CET573935651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.362354040 CET573935651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.368386984 CET565157393111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.419102907 CET574085651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.424438000 CET565157408111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.424542904 CET574085651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.425573111 CET574085651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.425594091 CET574085651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.431819916 CET565157408111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.431833029 CET565157408111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.468939066 CET8057395111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.469042063 CET5739580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.469101906 CET5739580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.474431992 CET8057395111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.488389969 CET56515739465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.488519907 CET573945651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:23.489736080 CET573945651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:23.495044947 CET56515739465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.502331972 CET5740980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.506496906 CET574105651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:23.507672071 CET8057409111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.507738113 CET5740980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.511885881 CET56515741065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.511940002 CET574105651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:23.512618065 CET5740980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.512629986 CET5740980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.516088963 CET574105651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:23.516119003 CET574105651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:23.517936945 CET8057409111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.517947912 CET8057409111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.521483898 CET56515741065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.521493912 CET56515741065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.597295046 CET808057396111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.597352028 CET573968080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.597803116 CET573968080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.603230953 CET808057396111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.611675024 CET574118080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.617078066 CET808057411111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.618200064 CET574118080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.618200064 CET574118080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.621737003 CET574118080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:23.623727083 CET808057411111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.627171993 CET808057411111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.697518110 CET80805739765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.697732925 CET573978080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:23.697921991 CET573978080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:23.703231096 CET80805739765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.724456072 CET574128080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:23.729926109 CET80805741265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.730129004 CET574128080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:23.732053995 CET574128080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:23.732053995 CET574128080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:23.737392902 CET80805741265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:23.737443924 CET80805741265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:24.153564930 CET565157407111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:24.153722048 CET574075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:24.153873920 CET574075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:24.159188986 CET565157407111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:24.268688917 CET574135651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:24.274218082 CET565157413111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:24.274421930 CET574135651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:24.279465914 CET574135651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:24.279649973 CET574135651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:24.284907103 CET565157413111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:24.284926891 CET565157413111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:25.144902945 CET565157413111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:25.145044088 CET574135651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:25.145044088 CET574135651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:25.150425911 CET565157413111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:25.276485920 CET574145651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:25.283148050 CET565157414111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:25.283233881 CET574145651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:25.283478975 CET574145651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:25.283490896 CET574145651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:25.289932013 CET565157414111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:25.290088892 CET565157414111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:26.114074945 CET565157414111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:26.114548922 CET574145651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:26.114651918 CET574145651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:26.120007038 CET565157414111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:26.123214006 CET574155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:26.128711939 CET565157415111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:26.129266977 CET574155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:26.129698992 CET574155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:26.129698992 CET574155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:26.135109901 CET565157415111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:26.135133028 CET565157415111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:27.002217054 CET565157415111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:27.004195929 CET574155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:27.008375883 CET574155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:27.013782978 CET565157415111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:27.110994101 CET574165651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:27.116482973 CET565157416111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:27.116588116 CET574165651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:27.117250919 CET574165651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:27.117250919 CET574165651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:27.122641087 CET565157416111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:27.122699022 CET565157416111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:27.942909002 CET565157416111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:27.943000078 CET574165651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:27.943140984 CET574165651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:27.949892998 CET565157416111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:27.983562946 CET574175651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:27.989206076 CET565157417111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:27.989639997 CET574175651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:27.990793943 CET574175651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:27.990793943 CET574175651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:27.996239901 CET565157417111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:27.996403933 CET565157417111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:28.826316118 CET565157417111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:28.828912020 CET574175651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:28.828912020 CET574175651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:28.834414959 CET565157417111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:28.878187895 CET574185651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:28.883843899 CET565157418111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:28.883920908 CET574185651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:28.885627985 CET574185651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:28.885627985 CET574185651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:28.891273975 CET565157418111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:28.891527891 CET565157418111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:29.728203058 CET565157418111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:29.728266954 CET574185651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:30.017622948 CET574185651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:30.023288012 CET565157418111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:30.086494923 CET574195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:30.092045069 CET565157419111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:30.092603922 CET574195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:30.095089912 CET574195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:30.095089912 CET574195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:30.100594044 CET565157419111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:30.100624084 CET565157419111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:30.954871893 CET565157419111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:30.954931974 CET574195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:30.955600023 CET574195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:30.961635113 CET565157419111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:31.053745031 CET574205651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:31.059083939 CET565157420111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:31.059364080 CET574205651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:31.061213970 CET574205651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:31.061271906 CET574205651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:31.066564083 CET565157420111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:31.066612005 CET565157420111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:31.971183062 CET565157408111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:31.971339941 CET565157420111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:31.971431017 CET574085651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:31.973777056 CET574205651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:31.984384060 CET8057409111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:31.985816956 CET5740980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:31.986068964 CET574085651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:31.989104033 CET574205651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:31.991372108 CET565157408111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:31.991497040 CET5740980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:31.994580984 CET565157420111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:31.995074987 CET56515741065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:31.995156050 CET574105651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:31.995238066 CET574105651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:31.996812105 CET8057409111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.000678062 CET56515741065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.037673950 CET574215651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:32.037743092 CET5742280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:32.037825108 CET574235651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:32.038032055 CET574245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:32.043132067 CET565157421111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.043155909 CET8057422111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.043165922 CET56515742365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.043206930 CET574215651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:32.043236971 CET574235651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:32.043236971 CET5742280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:32.043335915 CET565157424111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.044183016 CET574245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:32.044815063 CET574215651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:32.044846058 CET574215651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:32.044857979 CET5742280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:32.044883013 CET5742280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:32.044889927 CET574245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:32.044909000 CET574235651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:32.044919014 CET574245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:32.044931889 CET574235651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:32.050273895 CET565157421111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.050283909 CET565157421111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.050293922 CET8057422111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.050312996 CET8057422111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.050322056 CET565157424111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.050332069 CET56515742365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.050340891 CET565157424111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.050348997 CET56515742365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.128566027 CET808057411111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.128642082 CET574118080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:32.129528046 CET574118080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:32.134807110 CET808057411111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.141405106 CET574258080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:32.146807909 CET808057425111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.149199009 CET574258080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:32.149574995 CET574258080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:32.149574995 CET574258080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:32.154849052 CET808057425111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.154860020 CET808057425111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.226269007 CET80805741265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.226548910 CET574128080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:32.226644039 CET574128080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:32.231892109 CET80805741265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.645344973 CET574268080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:32.650793076 CET80805742665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.650969028 CET574268080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:32.675784111 CET574268080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:32.675784111 CET574268080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:32.681269884 CET80805742665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.681288004 CET80805742665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.942570925 CET565157424111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:32.942689896 CET574245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:32.942770958 CET574245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:32.948065996 CET565157424111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:33.025206089 CET574275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:33.030507088 CET565157427111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:33.030581951 CET574275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:33.031508923 CET574275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:33.031517982 CET574275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:33.036740065 CET565157427111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:33.036830902 CET565157427111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:33.873753071 CET565157427111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:33.873856068 CET574275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:33.873898029 CET574275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:33.879323959 CET565157427111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:33.903649092 CET574285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:33.909904003 CET565157428111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:33.913821936 CET574285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:33.914069891 CET574285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:33.914081097 CET574285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:33.919477940 CET565157428111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:33.919511080 CET565157428111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:34.001147032 CET574295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.008061886 CET565157429111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:34.009815931 CET574295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.010068893 CET574295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.010082960 CET574295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.015439987 CET565157429111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:34.015539885 CET565157429111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:34.023730993 CET565157429111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:34.110932112 CET574305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.116286039 CET565157430111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:34.116363049 CET574305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.116952896 CET574305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.116986036 CET574305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.122246981 CET565157430111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:34.122263908 CET565157430111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:34.757601976 CET565157428111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:34.757850885 CET574285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.757903099 CET574285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.763271093 CET565157428111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:34.778318882 CET574315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.783970118 CET565157431111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:34.784338951 CET574315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.784852028 CET574315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.784852028 CET574315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.790189028 CET565157431111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:34.790199995 CET565157431111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:34.960772991 CET565157430111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:34.960829973 CET574305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.961045027 CET574305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:34.966310024 CET565157430111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:35.106702089 CET574325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:35.112201929 CET565157432111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:35.112293005 CET574325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:35.113192081 CET574325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:35.113221884 CET574325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:35.118444920 CET565157432111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:35.118829012 CET565157432111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:35.626554012 CET565157431111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:35.626622915 CET574315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:35.626720905 CET574315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:35.631999969 CET565157431111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:35.637887001 CET574335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:35.643326044 CET565157433111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:35.645806074 CET574335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:35.646250963 CET574335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:35.646265030 CET574335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:35.651578903 CET565157433111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:35.651627064 CET565157433111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:35.983568907 CET565157432111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:35.985872984 CET574325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:35.989763975 CET574325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:35.995337009 CET565157432111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:36.077491045 CET574345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.083596945 CET565157434111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:36.085844040 CET574345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.086116076 CET574345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.086129904 CET574345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.091541052 CET565157434111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:36.091556072 CET565157434111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:36.499619007 CET565157433111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:36.499715090 CET574335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.499744892 CET574335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.505168915 CET565157433111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:36.512943983 CET574355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.518266916 CET565157435111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:36.521826029 CET574355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.522027016 CET574355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.522041082 CET574355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.881417036 CET565157435111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:36.881429911 CET565157435111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:36.929291964 CET565157434111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:36.929423094 CET574345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.929477930 CET574345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.934886932 CET565157434111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:36.955734968 CET574365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.961011887 CET565157436111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:36.961085081 CET574365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.967631102 CET574365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.967649937 CET574365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:36.972954035 CET565157436111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:36.972965956 CET565157436111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:37.728856087 CET565157435111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:37.728945971 CET574355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:37.729620934 CET574355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:37.734920025 CET565157435111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:37.813689947 CET565157436111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:37.817158937 CET574365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:37.817218065 CET574365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:37.822781086 CET565157436111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:37.837196112 CET574375651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:37.842874050 CET565157437111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:37.842957020 CET574375651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:37.844361067 CET574375651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:37.844382048 CET574375651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:37.849987984 CET565157437111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:37.850003004 CET565157437111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:38.679369926 CET565157437111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:38.680432081 CET574375651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:38.680480003 CET574375651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:38.685844898 CET565157437111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:38.702564001 CET574385651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:38.708158016 CET565157438111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:38.709816933 CET574385651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:38.710176945 CET574385651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:38.710217953 CET574385651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:38.715863943 CET565157438111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:38.715893030 CET565157438111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:38.812005997 CET574395651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:38.817560911 CET565157439111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:38.817648888 CET574395651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:38.817903042 CET574395651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:38.817914009 CET574395651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:38.823348045 CET565157439111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:38.823385000 CET565157439111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:39.602072954 CET565157438111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:39.603836060 CET574385651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:39.603890896 CET574385651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:39.609353065 CET565157438111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:39.660352945 CET565157439111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:39.660414934 CET574395651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:39.660973072 CET574395651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:39.666435003 CET565157439111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:39.689624071 CET574405651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:39.695207119 CET565157440111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:39.695278883 CET574405651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:39.696516991 CET574405651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:39.696516991 CET574405651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:39.702136993 CET565157440111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:39.702176094 CET565157440111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.526524067 CET56515742365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.529870987 CET574235651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:40.529870987 CET574235651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:40.535397053 CET56515742365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.535907030 CET565157421111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.536001921 CET8057422111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.536020041 CET574215651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.536082029 CET5742280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.536151886 CET574215651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.536345005 CET5742280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.541734934 CET565157421111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.541749001 CET8057422111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.558311939 CET565157440111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.558412075 CET574405651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:40.558412075 CET574405651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:40.563935995 CET565157440111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.585613966 CET574425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:40.591073990 CET565157442111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.591190100 CET574425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:40.601332903 CET574425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:40.601367950 CET574425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:40.606822014 CET565157442111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.606834888 CET565157442111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.611547947 CET574415651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.612843037 CET5744380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.612937927 CET574445651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:40.616986990 CET565157441111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.617284060 CET574415651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.618284941 CET8057443111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.618309975 CET56515744465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.618347883 CET5744380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.618411064 CET574445651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:40.620161057 CET574415651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.620161057 CET574415651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.620251894 CET5744380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.620253086 CET5744380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.620280981 CET574445651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:40.620280981 CET574445651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:40.625570059 CET565157441111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.625581026 CET565157441111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.625591993 CET8057443111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.625605106 CET8057443111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.625642061 CET56515744465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.625653982 CET56515744465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.642554045 CET808057425111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.645862103 CET574258080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.645862103 CET574258080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.651231050 CET808057425111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.676820993 CET574458080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.682255030 CET808057445111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.682317972 CET574458080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.686230898 CET574458080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.686263084 CET574458080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:40.691616058 CET808057445111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:40.691626072 CET808057445111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:41.140844107 CET80805742665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:41.145081043 CET574268080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:41.167001009 CET574268080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:41.176022053 CET80805742665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:41.421201944 CET565157442111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:41.421282053 CET574425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:41.421401978 CET574425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:41.426605940 CET565157442111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:41.449992895 CET574468080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:41.455296040 CET80805744665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:41.455431938 CET574468080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:41.455588102 CET574468080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:41.455588102 CET574468080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:41.460164070 CET574475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:41.460865021 CET80805744665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:41.460875034 CET80805744665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:41.460894108 CET574488080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:41.465481997 CET565157447111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:41.465586901 CET574475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:41.466120005 CET80805744865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:41.466120958 CET574475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:41.466136932 CET574475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:41.466171980 CET574488080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:41.467612028 CET574488080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:41.467632055 CET574488080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:41.471447945 CET565157447111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:41.471457958 CET565157447111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:41.473040104 CET80805744865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:41.473078012 CET80805744865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:42.333430052 CET565157447111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:42.333895922 CET574475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:42.347125053 CET574475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:42.352458000 CET565157447111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:42.426729918 CET574495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:42.432301044 CET565157449111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:42.432423115 CET574495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:42.437242031 CET574495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:42.437263012 CET574495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:42.442579985 CET565157449111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:42.442612886 CET565157449111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:43.266890049 CET565157449111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:43.267919064 CET574495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:43.267980099 CET574495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:43.273427963 CET565157449111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:43.294738054 CET574515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:43.300196886 CET565157451111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:43.300884962 CET574515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:43.301287889 CET574515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:43.303809881 CET574515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:43.306628942 CET565157451111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:43.309211969 CET565157451111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:44.136512995 CET565157451111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:44.136569023 CET574515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:44.136744022 CET574515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:44.142069101 CET565157451111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:44.187480927 CET574535651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:44.192739010 CET565157453111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:44.192802906 CET574535651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:44.194878101 CET574535651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:44.194981098 CET574535651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:44.200211048 CET565157453111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:44.200221062 CET565157453111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:44.231690884 CET565157453111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:44.290916920 CET574545651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:44.296242952 CET565157454111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:44.297830105 CET574545651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:44.298012972 CET574545651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:44.301774025 CET574545651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:44.303271055 CET565157454111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:44.307106972 CET565157454111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:45.123629093 CET565157454111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:45.123694897 CET574545651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:45.123816967 CET574545651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:45.129098892 CET565157454111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:45.153686047 CET574555651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:45.159161091 CET565157455111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:45.161833048 CET574555651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:45.162004948 CET574555651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:45.162060976 CET574555651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:45.167377949 CET565157455111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:45.167402029 CET565157455111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:46.003643990 CET565157455111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:46.005851030 CET574555651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:46.005958080 CET574555651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:46.011410952 CET565157455111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:46.029558897 CET574565651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:46.035144091 CET565157456111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:46.037858963 CET574565651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:46.038038969 CET574565651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:46.039820910 CET574565651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:46.043437004 CET565157456111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:46.045444012 CET565157456111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:46.888120890 CET565157456111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:46.888165951 CET574565651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:46.888216019 CET574565651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:46.893570900 CET565157456111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:46.918977976 CET574575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:46.924345016 CET565157457111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:46.924426079 CET574575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:46.924642086 CET574575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:46.924654961 CET574575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:46.930012941 CET565157457111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:46.930042982 CET565157457111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:47.789788961 CET565157457111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:47.789992094 CET574575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:47.790296078 CET574575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:47.795631886 CET565157457111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:47.890691042 CET574585651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:47.896292925 CET565157458111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:47.901829958 CET574585651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:47.902049065 CET574585651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:47.902050018 CET574585651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:47.907416105 CET565157458111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:47.907428980 CET565157458111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:48.753750086 CET565157458111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:48.756438971 CET574585651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:48.764297962 CET574585651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:48.769608974 CET565157458111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.096209049 CET8057443111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.096674919 CET5744380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.099663019 CET56515744465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.099729061 CET574445651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:49.108114004 CET565157441111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.111821890 CET574415651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.173932076 CET808057445111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.177830935 CET574458080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.478641987 CET5744380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.481687069 CET574445651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:49.483478069 CET574415651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.483983040 CET8057443111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.485107899 CET574458080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.487014055 CET56515744465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.488797903 CET565157441111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.490695000 CET808057445111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.959117889 CET80805744665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.959172964 CET574468080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:49.959328890 CET574468080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:49.964272976 CET80805744865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.964448929 CET574488080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:49.964854002 CET80805744665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.965137005 CET574488080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:49.970453024 CET80805744865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.975079060 CET5745980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.976583004 CET574608080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.976906061 CET574615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:49.980376959 CET8057459111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.980444908 CET5745980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.981889009 CET808057460111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.981940031 CET574608080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.982311964 CET565157461111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.982387066 CET574615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:49.988482952 CET5745980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.988672018 CET5745980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.988780022 CET574608080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.988790989 CET574608080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.988806009 CET574615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:49.988847017 CET574615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:49.988909006 CET574625651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:49.993889093 CET8057459111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.994122028 CET8057459111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.994254112 CET808057460111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.994267941 CET808057460111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.994277000 CET565157461111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.994314909 CET565157461111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.994323969 CET56515746265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:49.994374037 CET574625651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:49.994739056 CET574625651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:49.994751930 CET574625651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:49.995455027 CET574638080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:49.996097088 CET5746480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:49.997759104 CET574655651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:49.998853922 CET574665651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.000355959 CET56515746265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.000437021 CET56515746265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.000809908 CET80805746365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.000866890 CET574638080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:50.001059055 CET574638080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:50.001075983 CET574638080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:50.001660109 CET8057464111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.003495932 CET56515746565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.003566980 CET5746480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.003985882 CET5746480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.004012108 CET5746480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.004036903 CET574655651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:50.004036903 CET574655651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:50.004553080 CET565157466111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.004607916 CET574665651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.004837990 CET574665651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.004849911 CET574665651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.006422997 CET80805746365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.006606102 CET80805746365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.009543896 CET8057464111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.009594917 CET8057464111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.009660006 CET56515746565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.009764910 CET574655651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:50.010329008 CET565157466111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.010499001 CET565157466111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.010890961 CET574675651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.012780905 CET574685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:50.015067101 CET56515746565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.015790939 CET574698080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.016402960 CET565157467111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.016499996 CET574675651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.016855955 CET574675651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.016865015 CET574675651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.018076897 CET565157468111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.021114111 CET808057469111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.021363974 CET574685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:50.021363974 CET574685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:50.021363974 CET574698080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.021419048 CET574685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:50.022325039 CET565157467111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.022335052 CET565157467111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.023757935 CET574698080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.023757935 CET574698080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:50.026891947 CET565157468111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.027245998 CET565157468111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.029120922 CET808057469111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.029130936 CET808057469111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.865869999 CET565157468111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.865957022 CET574685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:50.866004944 CET574685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:50.870114088 CET565157461111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.870196104 CET574615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:50.870413065 CET574615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:50.871361017 CET565157468111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.875786066 CET565157461111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.952917099 CET574705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:50.958651066 CET565157470111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.961901903 CET574705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:50.962483883 CET574705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:50.965895891 CET574705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:50.967919111 CET565157470111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:50.971407890 CET565157470111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:51.807776928 CET565157470111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:51.807859898 CET574705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:51.855642080 CET574705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:51.861372948 CET565157470111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:52.153831959 CET574715651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:52.159718037 CET565157471111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:52.159794092 CET574715651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:52.160835028 CET574715651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:52.160849094 CET574715651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:52.161173105 CET574725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:52.166430950 CET565157471111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:52.166636944 CET565157471111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:52.166671038 CET565157472111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:52.166739941 CET574725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:52.167509079 CET574725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:52.167525053 CET574725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:52.173079967 CET565157472111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:52.173825979 CET565157472111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:52.988832951 CET565157471111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:52.988910913 CET574715651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:52.988975048 CET574715651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:52.994328022 CET565157471111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:53.006920099 CET565157472111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:53.007847071 CET574725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:53.007877111 CET574725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:53.013618946 CET565157472111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:53.048597097 CET574735651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:53.055460930 CET565157473111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:53.055538893 CET574735651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:53.056600094 CET574735651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:53.056600094 CET574735651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:53.061985970 CET565157473111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:53.062022924 CET565157473111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:53.935349941 CET565157473111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:53.936497927 CET574735651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:53.936499119 CET574735651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:53.941917896 CET565157473111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:54.015702009 CET574745651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:54.021101952 CET565157474111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:54.021833897 CET574745651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:54.022027016 CET574745651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:54.022042990 CET574745651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:54.027285099 CET565157474111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:54.027825117 CET565157474111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:54.862049103 CET565157474111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:54.862166882 CET574745651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:54.862221956 CET574745651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:54.867896080 CET565157474111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:54.889075994 CET574755651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:54.894589901 CET565157475111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:54.897833109 CET574755651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:54.898051977 CET574755651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:54.898051977 CET574755651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:54.904047966 CET565157475111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:54.904129982 CET565157475111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:55.743680000 CET565157475111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:55.745923996 CET574755651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:55.745923996 CET574755651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:55.751332998 CET565157475111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:55.765033960 CET574765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:55.770622969 CET565157476111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:55.772927046 CET574765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:55.773209095 CET574765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:55.773209095 CET574765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:55.778700113 CET565157476111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:55.778711081 CET565157476111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:56.616123915 CET565157476111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:56.616178989 CET574765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:56.621673107 CET574765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:56.627701044 CET565157476111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:56.814204931 CET574775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:56.819637060 CET565157477111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:56.819719076 CET574775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:56.820564985 CET574775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:56.820579052 CET574775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:56.825963020 CET565157477111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:56.825978041 CET565157477111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:56.887129068 CET574785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:56.893296003 CET565157478111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:56.893368006 CET574785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:56.895064116 CET574785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:56.895078897 CET574785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:56.900470018 CET565157478111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:56.901010036 CET565157478111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:57.693770885 CET565157477111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:57.696325064 CET574775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:57.696492910 CET574775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:57.702189922 CET565157477111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:57.734693050 CET574795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:57.740535021 CET565157479111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:57.740619898 CET574795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:57.740796089 CET574795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:57.740842104 CET574795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:57.745335102 CET565157478111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:57.745398998 CET574785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:57.745647907 CET574785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:57.746206045 CET565157479111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:57.746803999 CET565157479111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:57.750937939 CET565157478111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:57.841809034 CET574805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:57.847389936 CET565157480111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:57.847855091 CET574805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:57.848071098 CET574805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:57.848083973 CET574805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:57.853560925 CET565157480111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:57.853807926 CET565157480111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.453735113 CET808057460111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.455868006 CET574608080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.455918074 CET574608080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.462856054 CET808057460111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.469362974 CET8057459111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.472336054 CET5745980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.472336054 CET5745980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.474862099 CET8057464111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.476979971 CET56515746265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.477077007 CET5746480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.477118015 CET574625651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.477118015 CET574625651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.477336884 CET5746480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.480698109 CET8057459111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.486346006 CET56515746265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.486366987 CET8057464111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.488568068 CET565157466111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.489875078 CET574665651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.490005016 CET574665651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.491885900 CET80805746365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.492872000 CET574638080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.493046045 CET574638080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.495415926 CET56515746565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.495946884 CET574655651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.495946884 CET574655651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.497179031 CET565157466111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.501236916 CET80805746365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.503530979 CET56515746565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.503542900 CET808057469111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.503566980 CET574818080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.503638983 CET574698080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.503679991 CET574698080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.506689072 CET5748280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.506767988 CET574838080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.506880999 CET574845651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.509116888 CET80805748165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.510770082 CET808057469111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.510867119 CET574818080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.511143923 CET574818080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.511157036 CET574818080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.514638901 CET8057482111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.514650106 CET808057483111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.514661074 CET56515748465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.514730930 CET5748280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.514764071 CET574845651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.514764071 CET574838080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.515213966 CET5748280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.515228033 CET5748280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.515247107 CET574838080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.515258074 CET574838080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.515279055 CET574845651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.516415119 CET574845651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.517643929 CET80805748165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.517654896 CET80805748165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.520642042 CET8057482111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.520651102 CET8057482111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.520659924 CET808057483111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.520668983 CET808057483111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.520678997 CET56515748465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.522811890 CET56515748465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.525821924 CET565157467111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.527086973 CET574855651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.527137041 CET574675651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.527165890 CET574675651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.532584906 CET565157485111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.532638073 CET565157467111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.532721043 CET574855651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.532948017 CET574855651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.532959938 CET574855651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.540803909 CET565157485111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.540819883 CET565157485111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.592036009 CET565157479111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.592103958 CET574795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:58.592187881 CET574795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:58.598342896 CET565157479111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.616254091 CET574865651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.618539095 CET574875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:58.620531082 CET574898080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.620631933 CET574885651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.621236086 CET574908080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.621803999 CET565157486111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.621898890 CET574865651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.622098923 CET574865651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.622397900 CET574865651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.624615908 CET565157487111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.624933004 CET574875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:58.625154018 CET574875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:58.625334978 CET574875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:58.626000881 CET808057489111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.626144886 CET574898080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.626372099 CET574898080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.626383066 CET574898080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:53:58.626513004 CET56515748865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.626569986 CET574885651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.626760006 CET574885651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.626771927 CET574885651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.627434969 CET80805749065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.627489090 CET574908080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.627692938 CET565157486111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.627713919 CET574908080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.627746105 CET565157486111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.628514051 CET574908080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:53:58.630875111 CET565157487111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.631083012 CET565157487111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.631880999 CET808057489111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.631989002 CET808057489111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.632147074 CET56515748865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.632767916 CET56515748865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.633497000 CET80805749065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.634042978 CET80805749065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.718511105 CET565157480111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.718699932 CET574805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:58.718730927 CET574805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:58.724402905 CET565157480111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.830686092 CET574915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:58.836052895 CET565157491111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.836129904 CET574915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:58.836543083 CET574915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:58.836565971 CET574915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:58.841941118 CET565157491111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:58.842374086 CET565157491111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:59.443295956 CET565157487111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:59.443408966 CET574875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:59.443408966 CET574875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:59.453645945 CET565157487111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:59.489224911 CET574925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:59.494683981 CET565157492111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:59.495871067 CET574925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:59.496121883 CET574925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:59.496121883 CET574925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:59.501678944 CET565157492111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:59.502165079 CET565157492111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:59.708179951 CET565157491111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:59.709872007 CET574915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:59.709912062 CET574915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:59.716459990 CET565157491111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:59.812764883 CET574935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:59.818304062 CET565157493111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:59.818603992 CET574935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:59.819243908 CET574935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:59.820174932 CET574935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:53:59.824681044 CET565157493111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:53:59.825787067 CET565157493111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:00.351725101 CET565157492111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:00.351871967 CET574925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.352128983 CET574925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.357536077 CET565157492111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:00.470984936 CET574945651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.476864100 CET565157494111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:00.476933002 CET574945651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.479255915 CET574945651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.479279041 CET574945651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.484636068 CET565157494111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:00.485390902 CET565157494111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:00.558166027 CET565157494111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:00.580806017 CET574955651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.586704969 CET565157495111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:00.588123083 CET574955651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.588404894 CET574955651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.588433981 CET574955651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.594090939 CET565157495111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:00.594491959 CET565157495111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:00.697879076 CET565157493111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:00.697966099 CET574935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.698096991 CET574935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.703533888 CET565157493111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:00.799084902 CET574965651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.804589033 CET565157496111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:00.804675102 CET574965651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.805241108 CET574965651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.805274963 CET574965651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:00.811031103 CET565157496111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:00.811044931 CET565157496111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:01.432755947 CET565157495111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:01.433902979 CET574955651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:01.436976910 CET574955651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:01.442563057 CET565157495111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:01.457901001 CET574975651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:01.463275909 CET565157497111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:01.463350058 CET574975651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:01.466581106 CET574975651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:01.467559099 CET574975651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:01.472014904 CET565157497111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:01.473094940 CET565157497111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:01.657715082 CET565157496111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:01.657845974 CET574965651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:01.658137083 CET574965651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:01.664091110 CET565157496111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:01.722978115 CET574985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:01.728859901 CET565157498111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:01.728924990 CET574985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:01.989763975 CET574985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:01.989814043 CET574985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:01.995462894 CET565157498111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:01.995501995 CET565157498111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:02.331285954 CET565157497111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:02.333024979 CET574975651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:02.333102942 CET574975651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:02.338682890 CET565157497111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:02.434922934 CET574995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:02.440686941 CET565157499111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:02.442682028 CET574995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:02.442899942 CET574995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:02.442909002 CET574995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:02.448892117 CET565157499111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:02.448909998 CET565157499111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:02.571743965 CET565157498111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:02.571872950 CET574985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:02.571872950 CET574985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:02.577424049 CET565157498111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:02.664007902 CET575005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:02.669433117 CET565157500111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:02.669524908 CET575005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:02.671485901 CET575005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:02.671500921 CET575005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:02.676953077 CET565157500111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:02.677572012 CET565157500111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.276504040 CET565157499111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.276592970 CET574995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.276654005 CET574995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.282145977 CET565157499111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.311805964 CET575015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.317707062 CET565157501111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.317876101 CET575015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.318221092 CET575015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.318238974 CET575015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.323766947 CET565157501111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.323946953 CET565157501111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.517653942 CET565157500111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.517797947 CET575005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.517864943 CET575005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.524137020 CET565157500111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.536294937 CET575025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.541770935 CET565157502111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.541924953 CET575025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.543323994 CET575025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.543340921 CET575025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.547573090 CET565157502111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.547626019 CET575025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.547712088 CET575025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.548738003 CET565157502111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.548801899 CET565157502111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.553009033 CET565157502111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.553118944 CET565157502111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.640211105 CET575035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.646249056 CET565157503111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.649252892 CET575035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.652462959 CET575035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.652462959 CET575035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:03.658037901 CET565157503111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:03.658134937 CET565157503111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:04.163707972 CET565157501111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:04.164752007 CET575015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:04.164916039 CET575015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:04.170492887 CET565157501111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:04.187391043 CET575045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:04.192852020 CET565157504111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:04.193845034 CET575045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:04.194263935 CET575045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:04.194274902 CET575045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:04.199784040 CET565157504111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:04.199841976 CET565157504111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:04.485903025 CET565157503111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:04.489968061 CET575035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:04.520369053 CET575035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:04.527278900 CET565157503111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:04.791537046 CET575055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:04.797023058 CET565157505111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:04.797096014 CET575055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:04.820585012 CET575055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:04.820625067 CET575055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:04.827364922 CET565157505111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:04.827442884 CET565157505111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:05.034543991 CET565157504111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:05.035906076 CET575045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:05.035988092 CET575045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:05.041460037 CET565157504111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:05.073842049 CET575065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:05.079235077 CET565157506111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:05.079319954 CET575065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:05.079699039 CET575065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:05.079709053 CET575065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:05.085500956 CET565157506111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:05.085526943 CET565157506111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:05.644807100 CET565157505111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:05.644886971 CET575055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:05.645036936 CET575055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:05.650882959 CET565157505111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:05.717489004 CET575075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:05.724782944 CET565157507111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:05.725945950 CET575075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:05.726325035 CET575075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:05.726335049 CET575075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:05.733441114 CET565157507111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:05.733469963 CET565157507111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:05.932204008 CET565157506111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:05.933861971 CET575065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:05.933912992 CET575065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:05.939414978 CET565157506111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:06.053615093 CET575085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:06.060504913 CET565157508111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:06.061855078 CET575085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:06.062096119 CET575085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:06.062109947 CET575085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:06.068825006 CET565157508111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:06.068850040 CET565157508111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:06.586481094 CET565157507111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:06.586688042 CET575075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:06.587639093 CET575075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:06.594187975 CET565157507111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:06.708677053 CET575095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:06.714235067 CET565157509111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:06.714310884 CET575095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:06.715545893 CET575095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:06.715584040 CET575095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:06.720964909 CET565157509111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:06.721004963 CET565157509111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:06.946479082 CET565157508111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:06.949842930 CET575085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:06.949887037 CET575085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:06.955631971 CET565157508111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:06.989969969 CET80805748165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:06.993869066 CET574818080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:06.993910074 CET574818080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.004554987 CET56515748465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.004590034 CET8057482111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.004620075 CET808057483111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.004626036 CET574845651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.004674911 CET5748280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.004673958 CET574838080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.004841089 CET574845651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.005364895 CET80805748165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.010162115 CET56515748465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.011043072 CET565157485111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.011105061 CET574855651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.012676001 CET5748280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.019649029 CET8057482111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.022377968 CET574838080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.024879932 CET574855651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.027942896 CET808057483111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.031042099 CET565157485111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.051119089 CET575105651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.054090023 CET575115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:07.056845903 CET565157510111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.057123899 CET575105651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.059566975 CET565157511111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.059664965 CET575115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:07.105144978 CET565157486111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.105873108 CET574865651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.108891964 CET808057489111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.109940052 CET574898080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.118506908 CET80805749065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.118585110 CET574908080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.119309902 CET56515748865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.121851921 CET574885651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.163851023 CET575105651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.163851023 CET575105651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.169337988 CET565157510111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.169410944 CET565157510111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.252912998 CET575115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:07.258435965 CET565157511111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.263684034 CET575115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:07.270005941 CET565157511111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.317373037 CET5751280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.323057890 CET8057512111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.325860023 CET5751280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.403820038 CET574885651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.407188892 CET574908080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.408406973 CET574898080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.408478022 CET574865651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.409395933 CET56515748865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.412813902 CET80805749065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.413608074 CET5751280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.413634062 CET5751280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.413830996 CET808057489111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.414180040 CET575135651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.414526939 CET575148080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.414596081 CET575158080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.414729118 CET565157486111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.419070005 CET8057512111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.419092894 CET8057512111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.419578075 CET56515751365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.419843912 CET80805751465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.419912100 CET808057515111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.419991016 CET575135651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.420033932 CET575148080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.420053005 CET575158080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.420495033 CET575158080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.420495033 CET575158080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.424731016 CET575135651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.424777031 CET575135651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.424979925 CET575148080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.424993038 CET575148080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.426013947 CET808057515111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.426664114 CET808057515111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.430068970 CET575168080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.430072069 CET56515751365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.430109978 CET56515751365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.430656910 CET80805751465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.430721998 CET80805751465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.435415983 CET808057516111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.435496092 CET575168080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.440680981 CET575168080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.440711021 CET575178080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.441093922 CET575168080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.445792913 CET575185651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.446186066 CET808057516111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.446209908 CET80805751765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.446326017 CET575178080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.446391106 CET808057516111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.448612928 CET575178080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.448612928 CET575178080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.452287912 CET56515751865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.452394962 CET575185651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.452965021 CET575185651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.453190088 CET575185651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:07.454001904 CET80805751765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.454236031 CET80805751765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.458859921 CET56515751865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.458993912 CET56515751865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.470477104 CET575195651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.475975990 CET565157519111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.476061106 CET575195651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.476416111 CET575195651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.476416111 CET575195651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:07.481715918 CET565157519111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.481929064 CET565157519111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.580593109 CET565157509111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.580698013 CET575095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:07.584320068 CET575095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:07.590214014 CET565157509111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.688834906 CET575205651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:07.694382906 CET565157520111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.694492102 CET575205651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:07.695202112 CET575205651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:07.695219994 CET575205651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:07.700629950 CET565157520111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.700674057 CET565157520111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.967339039 CET565157511111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:07.968020916 CET575115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:07.968020916 CET575115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:07.973776102 CET565157511111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:08.019556046 CET575215651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.025578976 CET565157521111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:08.025810957 CET575215651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.026439905 CET575215651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.026439905 CET575215651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.032318115 CET565157521111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:08.032351017 CET565157521111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:08.519345045 CET565157520111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:08.519893885 CET575205651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.520059109 CET575205651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.526671886 CET565157520111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:08.573122025 CET575225651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.578636885 CET565157522111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:08.580338955 CET575225651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.581393957 CET575225651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.581403971 CET575225651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.589298964 CET565157522111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:08.589313984 CET565157522111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:08.874619961 CET565157521111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:08.874778032 CET575215651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.874825001 CET575215651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.880662918 CET565157521111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:08.895716906 CET575235651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.901928902 CET565157523111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:08.902040005 CET575235651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.902434111 CET575235651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.902434111 CET575235651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:08.909269094 CET565157523111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:08.909446001 CET565157523111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:09.503067017 CET565157522111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:09.503134966 CET575225651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:09.513148069 CET575225651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:09.518734932 CET565157522111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:09.566543102 CET575245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:09.572165966 CET565157524111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:09.572532892 CET575245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:09.591916084 CET575245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:09.592044115 CET575245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:09.598248959 CET565157524111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:09.598546982 CET565157524111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:09.850375891 CET565157523111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:09.850662947 CET575235651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:09.997420073 CET575235651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:10.003694057 CET565157523111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:10.114119053 CET575255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:10.119910002 CET565157525111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:10.120012999 CET575255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:10.122631073 CET575255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:10.122631073 CET575255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:10.128021955 CET565157525111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:10.128405094 CET565157525111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:10.739960909 CET565157524111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:10.740036011 CET575245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:10.740268946 CET575245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:10.740984917 CET565157524111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:10.741038084 CET575245651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:10.745747089 CET565157524111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:10.861567974 CET575265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:10.867182016 CET565157526111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:10.867263079 CET575265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:10.868208885 CET575265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:10.868236065 CET575265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:10.873811960 CET565157526111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:10.874129057 CET565157526111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:10.974402905 CET565157525111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:10.977982998 CET575255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:10.977982998 CET575255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:10.983396053 CET565157525111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:11.092030048 CET575275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:11.097768068 CET565157527111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:11.097846031 CET575275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:11.098767042 CET575275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:11.098781109 CET575275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:11.104516983 CET565157527111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:11.104635954 CET565157527111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:11.702306986 CET565157526111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:11.705962896 CET575265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:11.708847046 CET575265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:11.714231014 CET565157526111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:11.734225988 CET575285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:11.739646912 CET565157528111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:11.741885900 CET575285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:11.742135048 CET575285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:11.742152929 CET575285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:11.747909069 CET565157528111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:11.748168945 CET565157528111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:11.968611002 CET565157527111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:11.969883919 CET575275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:11.969950914 CET575275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:11.975513935 CET565157527111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:12.066658974 CET575295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.072251081 CET565157529111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:12.072958946 CET575295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.073215008 CET575295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.073226929 CET575295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.078598022 CET565157529111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:12.078613043 CET565157529111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:12.587522030 CET565157528111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:12.587728024 CET575285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.725992918 CET575285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.731652975 CET565157528111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:12.831770897 CET575305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.837204933 CET565157530111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:12.837277889 CET575305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.841118097 CET575305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.841142893 CET575305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.847012997 CET565157530111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:12.847081900 CET565157530111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:12.921348095 CET565157529111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:12.921412945 CET575295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.921454906 CET575295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.926949978 CET565157529111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:12.941273928 CET575315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.947690010 CET565157531111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:12.947768927 CET575315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.949383974 CET575315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.949398994 CET575315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:12.954848051 CET565157531111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:12.955065012 CET565157531111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:13.729429007 CET565157530111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:13.729516983 CET575305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:13.729567051 CET575305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:13.735025883 CET565157530111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:13.810625076 CET575325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:13.816771030 CET565157531111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:13.816848993 CET565157532111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:13.816884041 CET575315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:13.817145109 CET575315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:13.817234039 CET575325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:13.817583084 CET575325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:13.817583084 CET575325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:13.822627068 CET565157531111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:13.823101044 CET565157532111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:13.823133945 CET565157532111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:13.923834085 CET575335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:13.929474115 CET565157533111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:13.929611921 CET575335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:13.930785894 CET575335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:13.930785894 CET575335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:13.937457085 CET565157533111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:13.937592983 CET565157533111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:14.668701887 CET565157532111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:14.668798923 CET575325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:14.668857098 CET575325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:14.674252987 CET565157532111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:14.688580990 CET575345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:14.694212914 CET565157534111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:14.694305897 CET575345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:14.695563078 CET575345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:14.695782900 CET575345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:14.701004982 CET565157534111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:14.701117992 CET565157534111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:14.789916992 CET565157533111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:14.790661097 CET575335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:14.801913977 CET575335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:14.807967901 CET565157533111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:14.843272924 CET575355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:14.848880053 CET565157535111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:14.848974943 CET575355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:14.884541988 CET575355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:14.884568930 CET575355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:14.890022039 CET565157535111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:14.890062094 CET565157535111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.522386074 CET565157534111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.524204969 CET575345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:15.524249077 CET575345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:15.529618979 CET565157534111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.566414118 CET575365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:15.571852922 CET565157536111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.571919918 CET575365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:15.573101997 CET575365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:15.573115110 CET575365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:15.575032949 CET565157510111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.575124979 CET575105651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.575229883 CET575105651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.578557014 CET565157536111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.578583002 CET565157536111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.581252098 CET565157510111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.674623013 CET575375651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.680725098 CET565157537111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.680789948 CET575375651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.681061983 CET575375651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.681072950 CET575375651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.686336994 CET565157537111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.686465979 CET565157537111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.695183992 CET565157535111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.695230961 CET575355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:15.695436001 CET575355651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:15.701174021 CET565157535111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.780487061 CET575385651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:15.785998106 CET565157538111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.789874077 CET575385651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:15.791114092 CET575385651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:15.791145086 CET575385651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:15.794063091 CET8057512111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.794123888 CET5751280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.794262886 CET5751280192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.796526909 CET565157538111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.796581984 CET565157538111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.799554110 CET8057512111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.889487982 CET56515751365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.889609098 CET575135651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:15.889647961 CET575135651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:15.893652916 CET5753980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.895220995 CET56515751365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.899168015 CET8057539111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.899290085 CET5753980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.899919033 CET5753980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.899950981 CET5753980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.904366016 CET80805751465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.904470921 CET575148080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:15.904470921 CET575148080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:15.905297995 CET8057539111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.905406952 CET8057539111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.909828901 CET808057515111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.909909964 CET575158080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.909909964 CET575158080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.910005093 CET80805751465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.915411949 CET808057515111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.924698114 CET808057516111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.924791098 CET575168080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.924968958 CET575168080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.930263042 CET808057516111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.937464952 CET80805751765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.937596083 CET575178080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:15.937596083 CET575178080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:15.938386917 CET56515751865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.938443899 CET575185651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:15.938529015 CET575185651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:15.943413019 CET80805751765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.943944931 CET56515751865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.958986044 CET565157519111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:15.959050894 CET575195651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.959116936 CET575195651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:15.964580059 CET565157519111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.000519037 CET575408080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:16.002161026 CET575415651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:16.002851009 CET575425651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:16.006247044 CET808057540111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.007639885 CET56515754165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.007765055 CET575415651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:16.007766008 CET575408080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:16.008351088 CET565157542111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.008426905 CET575425651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:16.008836031 CET575408080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:16.008836031 CET575415651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:16.008836031 CET575408080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:16.008836031 CET575415651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:16.009052992 CET575425651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:16.009814024 CET575425651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:16.014277935 CET56515754165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.014319897 CET808057540111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.014333963 CET808057540111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.014348030 CET56515754165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.014460087 CET565157542111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.015264034 CET565157542111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.027328014 CET575438080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:16.032818079 CET80805754365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.035913944 CET575438080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:16.036305904 CET575438080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:16.036315918 CET575438080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:16.041845083 CET80805754365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.041868925 CET80805754365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.490113974 CET565157536111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.493916988 CET575365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:16.493962049 CET575365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:16.499403954 CET565157536111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.553067923 CET575445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:16.558700085 CET565157544111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.558790922 CET575445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:16.562983036 CET575445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:16.562999010 CET575445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:16.568949938 CET565157544111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.568977118 CET565157544111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.627372026 CET565157538111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.627441883 CET575385651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:16.627482891 CET575385651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:16.633033037 CET565157538111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.657140970 CET575455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:16.662883043 CET565157545111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.662951946 CET575455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:16.663157940 CET575455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:16.663192987 CET575455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:16.668776035 CET565157545111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:16.668881893 CET565157545111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:17.422580004 CET565157544111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:17.425934076 CET575445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:17.429828882 CET575445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:17.436243057 CET565157544111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:17.490638971 CET565157545111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:17.493907928 CET575455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:17.493937016 CET575455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:17.500078917 CET565157545111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:17.535255909 CET575465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:17.541048050 CET565157546111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:17.541125059 CET575465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:17.541614056 CET575465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:17.541631937 CET575465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:17.547344923 CET565157546111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:17.547369003 CET565157546111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:18.379110098 CET565157546111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:18.379168987 CET575465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:18.379359007 CET575465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:18.384620905 CET565157546111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:18.403963089 CET575475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:18.409656048 CET565157547111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:18.413876057 CET575475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:18.414089918 CET575475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:18.414089918 CET575475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:18.419651031 CET565157547111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:18.419682980 CET565157547111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:19.242096901 CET565157547111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:19.245882034 CET575475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:19.246064901 CET575475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:19.251964092 CET565157547111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:19.279280901 CET575485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:19.284857035 CET565157548111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:19.286091089 CET575485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:19.286091089 CET575485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:19.286108971 CET575485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:19.295219898 CET565157548111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:19.295260906 CET565157548111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:20.160007000 CET565157548111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:20.160068989 CET575485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:20.160129070 CET575485651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:20.165709972 CET565157548111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:20.282763958 CET575495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:20.288500071 CET565157549111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:20.288614988 CET575495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:20.291662931 CET575495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:20.292406082 CET575495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:20.297559977 CET565157549111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:20.297812939 CET565157549111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:21.147459030 CET565157549111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:21.147591114 CET575495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:21.147634983 CET575495651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:21.153053999 CET565157549111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:21.247306108 CET575505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:21.252995968 CET565157550111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:21.254144907 CET575505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:21.254328012 CET575505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:21.254328012 CET575505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:21.260348082 CET565157550111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:21.260385990 CET565157550111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:22.119679928 CET565157550111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:22.119950056 CET575505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:22.120321989 CET575505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:22.125674009 CET565157550111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:22.238571882 CET575515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:22.244029999 CET565157551111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:22.244201899 CET575515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:22.245979071 CET575515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:22.246119976 CET575515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:22.251656055 CET565157551111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:22.251719952 CET565157551111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:23.077950001 CET565157551111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:23.078224897 CET575515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:23.078372955 CET575515651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:23.083703041 CET565157551111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:23.109288931 CET575525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:23.114813089 CET565157552111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:23.116110086 CET575525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:23.116560936 CET575525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:23.116605997 CET575525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:23.121953011 CET565157552111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:23.121970892 CET565157552111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:23.952982903 CET565157552111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:23.953912973 CET575525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:23.954170942 CET575525651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:23.959465027 CET565157552111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:23.983061075 CET575535651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:23.988573074 CET565157553111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:23.989633083 CET575535651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:23.989973068 CET575535651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:23.991991997 CET575535651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:23.995594978 CET565157553111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:23.997489929 CET565157553111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.156229019 CET565157537111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.156497002 CET575375651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.156593084 CET575375651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.162225962 CET565157537111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.214266062 CET575545651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.220189095 CET565157554111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.220334053 CET575545651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.221621990 CET575545651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.222342968 CET575545651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.227044106 CET565157554111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.227791071 CET565157554111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.404155970 CET8057539111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.405869007 CET5753980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.414437056 CET5753980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.419801950 CET8057539111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.490850925 CET565157542111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.491238117 CET56515754165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.491576910 CET575425651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.491630077 CET575415651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:24.494558096 CET808057540111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.494893074 CET575408080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.544341087 CET80805754365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.544426918 CET575438080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:24.565659046 CET575425651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.571094036 CET565157542111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.597162008 CET575415651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:24.600349903 CET575408080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.602696896 CET56515754165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.605834007 CET808057540111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.623502016 CET575438080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:24.628943920 CET80805754365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.666083097 CET5755580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.670037031 CET575565651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.674046993 CET8057555111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.674143076 CET575578080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.674221992 CET575585651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:24.674271107 CET5755580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.674426079 CET575598080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:24.674499989 CET5755580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.674510002 CET5755580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.677469969 CET565157556111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.677881002 CET575565651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.678054094 CET575565651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.678054094 CET575565651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.681828022 CET808057557111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.681862116 CET56515755865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.681961060 CET80805755965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.682049036 CET575578080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.682106972 CET8057555111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.682137012 CET8057555111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.682146072 CET575598080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:24.682148933 CET575585651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:24.682574987 CET575578080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.682585955 CET575578080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:24.682707071 CET575585651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:24.682723999 CET575585651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:24.682740927 CET575598080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:24.685736895 CET565157556111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.685769081 CET565157556111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.685779095 CET575598080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:24.690080881 CET808057557111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.690119982 CET808057557111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.690175056 CET56515755865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.690203905 CET56515755865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.690232038 CET80805755965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.693295956 CET80805755965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.845308065 CET565157553111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.845377922 CET575535651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:24.845442057 CET575535651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:24.850811958 CET565157553111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.863615990 CET575605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:24.871382952 CET565157560111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.871454954 CET575605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:24.871875048 CET575605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:24.871926069 CET575605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:24.879832029 CET565157560111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:24.879882097 CET565157560111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:25.924195051 CET565157560111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:25.924474001 CET575605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:25.924520016 CET575605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:25.930262089 CET565157560111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:25.954385042 CET575615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:25.959798098 CET565157561111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:25.959954023 CET575615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:25.960922003 CET575615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:25.960937023 CET575615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:25.966329098 CET565157561111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:25.966360092 CET565157561111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:26.832796097 CET565157561111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:26.834007978 CET575615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:26.834008932 CET575615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:26.839473963 CET565157561111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:26.935657978 CET575625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:26.941211939 CET565157562111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:26.941411972 CET575625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:26.941652060 CET575625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:26.941652060 CET575625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:26.947055101 CET565157562111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:26.947110891 CET565157562111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:27.823928118 CET565157562111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:27.823997974 CET575625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:27.824054003 CET575625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:27.829797029 CET565157562111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:27.922774076 CET575635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:27.928152084 CET565157563111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:27.928209066 CET575635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:27.928479910 CET575635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:27.928494930 CET575635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:27.934109926 CET565157563111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:27.934334040 CET565157563111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:28.769929886 CET565157563111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:28.769990921 CET575635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:28.770045042 CET575635651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:28.775876999 CET565157563111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:28.832092047 CET575645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:28.837579012 CET565157564111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:28.837672949 CET575645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:28.839078903 CET575645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:28.839078903 CET575645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:28.845078945 CET565157564111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:28.845092058 CET565157564111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:29.689951897 CET565157564111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:29.692015886 CET575645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:29.692015886 CET575645651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:29.697621107 CET565157564111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:29.780086040 CET575655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:29.785623074 CET565157565111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:29.787929058 CET575655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:29.788168907 CET575655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:29.788188934 CET575655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:29.794190884 CET565157565111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:29.794203043 CET565157565111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:30.621016979 CET565157565111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:30.621875048 CET575655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:30.622060061 CET575655651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:30.627429962 CET565157565111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:30.660782099 CET575665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:30.666199923 CET565157566111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:30.666260958 CET575665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:30.666738987 CET575665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:30.666966915 CET575665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:30.672102928 CET565157566111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:30.673156023 CET565157566111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:31.509162903 CET565157566111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:31.513930082 CET575665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:31.513983965 CET575665651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:31.519270897 CET565157566111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:31.550957918 CET575675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:31.556324005 CET565157567111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:31.556385040 CET575675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:31.718755960 CET575675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:31.718775034 CET575675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:31.724231005 CET565157567111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:31.724303961 CET565157567111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:32.386858940 CET565157567111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:32.386938095 CET575675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:32.387326002 CET575675651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:32.393657923 CET565157567111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:32.406503916 CET575685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:32.412110090 CET565157568111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:32.412211895 CET575685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:32.412904978 CET575685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:32.412904978 CET575685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:32.418337107 CET565157568111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:32.418946028 CET565157568111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:32.698306084 CET565157554111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:32.701992989 CET575545651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:32.705842018 CET575545651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:32.711240053 CET565157554111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:32.737292051 CET575695651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:32.742974043 CET565157569111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:32.743076086 CET575695651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:32.744929075 CET575695651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:32.744929075 CET575695651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:32.750516891 CET565157569111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:32.750555992 CET565157569111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.236145020 CET565157556111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.236258984 CET8057555111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.236385107 CET5755580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.236407995 CET575565651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.236433983 CET5755580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.236444950 CET575565651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.236588955 CET56515755865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.236603975 CET808057557111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.236665964 CET575585651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:33.236784935 CET80805755965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.236826897 CET575578080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.236835957 CET575598080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:33.237219095 CET575585651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:33.237580061 CET575578080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.237993956 CET575598080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:33.242260933 CET8057555111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.242487907 CET565157556111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.243356943 CET56515755865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.243386030 CET808057557111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.243398905 CET80805755965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.252240896 CET565157568111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.253889084 CET575685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:33.253907919 CET575685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:33.259943962 CET565157568111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.282090902 CET5757080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.284152985 CET575715651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.285258055 CET575725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:33.285330057 CET575738080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.287719011 CET8057570111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.289866924 CET565157571111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.289933920 CET5757080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.289951086 CET575715651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.290338993 CET5757080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.290369034 CET5757080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.290797949 CET565157572111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.290827036 CET808057573111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.290870905 CET575725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:33.290896893 CET575738080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.291840076 CET575715651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.291851044 CET575715651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.291966915 CET575738080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.291985989 CET575738080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:33.292012930 CET575725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:33.292021990 CET575725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:33.292221069 CET575745651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:33.293785095 CET575758080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:33.296786070 CET8057570111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.296869993 CET8057570111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.297885895 CET565157571111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.298320055 CET565157571111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.298599005 CET808057573111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.298612118 CET808057573111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.298624039 CET565157572111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.298707962 CET565157572111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.298723936 CET56515757465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.298794031 CET575745651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:33.299474001 CET575745651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:33.299474001 CET575745651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:33.299927950 CET80805757565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.299993992 CET575758080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:33.300195932 CET575758080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:33.300209045 CET575758080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:33.305342913 CET56515757465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.305375099 CET56515757465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.305974960 CET80805757565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:33.306068897 CET80805757565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:34.145118952 CET565157572111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:34.145203114 CET575725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:34.145291090 CET575725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:34.151743889 CET565157572111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:34.158878088 CET575765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:34.164450884 CET565157576111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:34.164525986 CET575765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:34.165225029 CET575765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:34.165261984 CET575765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:34.170917988 CET565157576111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:34.171418905 CET565157576111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:35.020339012 CET565157576111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:35.025945902 CET575765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:35.026052952 CET575765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:35.031518936 CET565157576111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:35.141922951 CET575775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:35.399113894 CET565157577111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:35.399210930 CET575775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:35.402666092 CET575775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:35.402739048 CET575775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:35.408102036 CET565157577111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:35.408392906 CET565157577111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:36.260823011 CET565157577111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:36.265891075 CET575775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:36.265948057 CET575775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:36.271609068 CET565157577111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:36.342364073 CET575785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:36.348110914 CET565157578111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:36.349916935 CET575785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:36.350106955 CET575785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:36.350136042 CET575785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:36.355895042 CET565157578111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:36.355957031 CET565157578111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:37.193021059 CET565157578111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:37.195931911 CET575785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:37.196006060 CET575785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:37.201775074 CET565157578111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:37.218641996 CET575795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:37.224425077 CET565157579111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:37.225907087 CET575795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:37.226288080 CET575795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:37.226299047 CET575795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:37.231601954 CET565157579111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:37.231713057 CET565157579111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:38.114893913 CET565157579111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:38.114969015 CET575795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:38.115008116 CET575795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:38.120696068 CET565157579111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:38.207925081 CET575805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:38.213607073 CET565157580111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:38.215931892 CET575805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:38.216206074 CET575805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:38.216206074 CET575805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:38.221688032 CET565157580111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:38.221745014 CET565157580111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:39.067023039 CET565157580111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:39.067116976 CET575805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:39.067214966 CET575805651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:39.073055029 CET565157580111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:39.088537931 CET575815651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:39.094317913 CET565157581111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:39.094417095 CET575815651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:39.094997883 CET575815651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:39.095021963 CET575815651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:39.100522995 CET565157581111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:39.100581884 CET565157581111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:39.187645912 CET575825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:39.193171024 CET565157582111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:39.193917036 CET575825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:39.194226027 CET575825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:39.194263935 CET575825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:39.200057983 CET565157582111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:39.200402975 CET565157582111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:40.362930059 CET565157581111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:40.363089085 CET575815651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:40.363401890 CET575815651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:40.364418983 CET565157582111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:40.364604950 CET575825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:40.364646912 CET575825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:40.367415905 CET565157581111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:40.367468119 CET575815651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:40.368691921 CET565157582111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:40.368742943 CET575825651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:40.373312950 CET565157581111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:40.373332024 CET565157582111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:40.409446001 CET575835651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:40.414977074 CET565157583111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:40.415198088 CET575835651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:40.418451071 CET575835651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:40.418472052 CET575835651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:40.424038887 CET565157583111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:40.424308062 CET565157583111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.243789911 CET565157569111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.243865967 CET575695651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.243984938 CET575695651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.251940966 CET565157569111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.252784014 CET565157583111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.252849102 CET575835651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:41.252943039 CET575835651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:41.258702040 CET565157583111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.311491013 CET575845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:41.311556101 CET575855651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.317243099 CET565157584111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.317490101 CET565157585111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.317559004 CET575845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:41.317559004 CET575855651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.319644928 CET575845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:41.319668055 CET575845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:41.319668055 CET575855651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.319679976 CET575855651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.325056076 CET565157584111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.325071096 CET565157584111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.325083971 CET565157585111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.325189114 CET565157585111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.769351959 CET808057573111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.772088051 CET575738080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.772088051 CET575738080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.777709961 CET808057573111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.783720970 CET56515757465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.783788919 CET575745651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:41.783847094 CET575745651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:41.784125090 CET565157571111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.784249067 CET575715651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.784249067 CET575715651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.790333033 CET56515757465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.790730000 CET565157571111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.792182922 CET80805757565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.792244911 CET575758080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:41.792308092 CET575758080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:41.798599005 CET80805757565.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.801719904 CET8057570111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.805890083 CET5757080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.806653023 CET5757080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.812000990 CET8057570111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.815916061 CET575868080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.817445993 CET5758780192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.817548037 CET575885651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:41.817739010 CET575895651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.821723938 CET808057586111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.823043108 CET8057587111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.823138952 CET575868080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.823407888 CET5758780192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.823420048 CET575868080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.823420048 CET575868080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.823461056 CET5758780192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.823467016 CET56515758865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.823494911 CET5758780192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.823498964 CET565157589111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.823527098 CET575885651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:41.823566914 CET575895651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.823842049 CET575895651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.823842049 CET575895651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.823870897 CET575885651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:41.823894024 CET575885651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:41.828939915 CET808057586111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.828954935 CET808057586111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.828972101 CET8057587111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.828985929 CET8057587111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.829186916 CET565157589111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.829200029 CET565157589111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.829714060 CET56515758865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.834237099 CET56515758865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.839099884 CET575908080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:41.844670057 CET80805759065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.844913960 CET575908080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:41.845129967 CET575908080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:41.845155954 CET575908080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:41.850724936 CET80805759065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.850776911 CET80805759065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.921309948 CET5759180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.927093029 CET8057591111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.927937984 CET5759180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.928261995 CET5759180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.928280115 CET5759180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:41.934099913 CET8057591111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:41.934283972 CET8057591111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:42.184453011 CET565157584111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:42.185910940 CET575845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:42.185955048 CET575845651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:42.193156004 CET565157584111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:42.260401011 CET575925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:42.570009947 CET565157592111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:42.571486950 CET575925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:42.894351959 CET575925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:42.894351959 CET575925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:42.899827957 CET565157592111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:42.899935007 CET565157592111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:43.417526960 CET565157592111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:43.417964935 CET575925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:43.418148994 CET575925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:43.424009085 CET565157592111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:43.451227903 CET575935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:43.457153082 CET565157593111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:43.458924055 CET575935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:43.458924055 CET575935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:43.461841106 CET575935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:43.464806080 CET565157593111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:43.467159033 CET565157593111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:44.299704075 CET565157593111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:44.301925898 CET575935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:44.302150965 CET575935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:44.307832003 CET565157593111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:44.346391916 CET575945651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:44.352907896 CET565157594111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:44.352991104 CET575945651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:44.353257895 CET575945651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:44.353313923 CET575945651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:44.358700991 CET565157594111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:44.358764887 CET565157594111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:45.197101116 CET565157594111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:45.197279930 CET575945651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:45.197427034 CET575945651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:45.203016043 CET565157594111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:45.313908100 CET575955651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:45.319658995 CET565157595111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:45.319737911 CET575955651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:45.319924116 CET575955651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:45.319937944 CET575955651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:45.325804949 CET565157595111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:45.326040983 CET565157595111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:46.205249071 CET565157595111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:46.205393076 CET575955651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:46.205393076 CET575955651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:46.211075068 CET565157595111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:46.296019077 CET575965651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:46.301525116 CET565157596111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:46.301678896 CET575965651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:46.302539110 CET575965651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:46.302576065 CET575965651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:46.308052063 CET565157596111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:46.308322906 CET565157596111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:47.130217075 CET565157596111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:47.130317926 CET575965651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:47.130372047 CET575965651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:47.135700941 CET565157596111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:47.179646015 CET575975651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:47.185370922 CET565157597111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:47.185446978 CET575975651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:47.185628891 CET575975651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:47.185642958 CET575975651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:47.191097975 CET565157597111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:47.191724062 CET565157597111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:48.025511980 CET565157597111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:48.025966883 CET575975651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:48.029870033 CET575975651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:48.036251068 CET565157597111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:48.052376032 CET575985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:48.057869911 CET565157598111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:48.058290005 CET575985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:48.060792923 CET575985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:48.060792923 CET575985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:48.066370964 CET565157598111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:48.066404104 CET565157598111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:48.950241089 CET565157598111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:48.954056025 CET575985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:48.954056025 CET575985651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:48.959950924 CET565157598111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:49.048207045 CET575995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:49.054188013 CET565157599111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:49.055675983 CET575995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:49.056724072 CET575995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:49.057004929 CET575995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:49.064116955 CET565157599111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:49.064368010 CET565157599111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:49.803774118 CET565157585111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:49.806024075 CET575855651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:49.806024075 CET575855651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:49.811645031 CET565157585111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:49.888483047 CET565157599111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:49.888565063 CET575995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:49.888736010 CET575995651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:49.894278049 CET565157599111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:49.914354086 CET576005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:49.916042089 CET576015651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:49.920090914 CET565157600111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:49.920165062 CET576005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:49.920934916 CET576005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:49.920967102 CET576005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:49.921761990 CET565157601111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:49.921837091 CET576015651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:49.922679901 CET576015651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:49.922691107 CET576015651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:49.926352978 CET565157600111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:49.926543951 CET565157600111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:49.928143024 CET565157601111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:49.928276062 CET565157601111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.014672041 CET576025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.020317078 CET565157602111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.025909901 CET576025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.026170015 CET576025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.026180029 CET576025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.031599998 CET565157602111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.031759024 CET565157602111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.299956083 CET56515758865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.304353952 CET575885651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:50.304354906 CET575885651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:50.305819988 CET565157589111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.305882931 CET575895651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.305922985 CET575895651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.307238102 CET808057586111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.307348013 CET575868080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.307394981 CET575868080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.307522058 CET8057587111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.307754040 CET5758780192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.308120012 CET5758780192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.309808969 CET56515758865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.311382055 CET565157589111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.312724113 CET808057586111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.313882113 CET8057587111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.321557045 CET80805759065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.321634054 CET575908080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:50.321681976 CET575908080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:50.327162981 CET80805759065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.357171059 CET576038080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.358890057 CET576045651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.362287998 CET5760580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.362632036 CET808057603111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.362667084 CET576065651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:50.362694025 CET576038080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.363826036 CET576038080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.363837957 CET576038080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.364454031 CET565157604111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.364547014 CET576045651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.365151882 CET576045651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.365164995 CET576045651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.367786884 CET8057605111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.367846012 CET5760580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.368216991 CET56515760665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.368259907 CET576065651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:50.369302034 CET808057603111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.369329929 CET808057603111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.370524883 CET565157604111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.370574951 CET565157604111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.373140097 CET5760580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.373157024 CET5760580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.373508930 CET576065651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:50.373528957 CET576065651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:50.374826908 CET576078080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:50.379085064 CET8057605111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.379129887 CET8057605111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.379230976 CET56515760665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.379244089 CET56515760665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.380171061 CET80805760765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.380225897 CET576078080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:50.382688999 CET576078080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:50.382724047 CET576078080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:50.388155937 CET80805760765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.388339043 CET80805760765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.416601896 CET8057591111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.417866945 CET5759180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.417866945 CET5759180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.423343897 CET8057591111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.449845076 CET5760880192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.455435038 CET8057608111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.457923889 CET5760880192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.458187103 CET5760880192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.458201885 CET5760880192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:50.464848995 CET8057608111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.466376066 CET8057608111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.766540051 CET565157600111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.766853094 CET576005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.767071009 CET576005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.772442102 CET565157600111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.783061028 CET576095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.788769007 CET565157609111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.788837910 CET576095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.789156914 CET576095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.789176941 CET576095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.794615984 CET565157609111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.794713020 CET565157609111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.857144117 CET565157602111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.857357979 CET576025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.857403040 CET576025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.862938881 CET565157602111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.890609026 CET576105651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.896208048 CET565157610111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.896280050 CET576105651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.897571087 CET576105651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.897581100 CET576105651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:50.903040886 CET565157610111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:50.903218031 CET565157610111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:51.695735931 CET565157609111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:51.697915077 CET576095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:51.697951078 CET576095651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:51.703643084 CET565157609111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:51.738435030 CET565157610111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:51.738502026 CET576105651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:51.738806963 CET576105651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:51.744395971 CET565157610111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:51.768018007 CET576115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:51.773426056 CET565157611111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:51.773494005 CET576115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:51.774226904 CET576115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:51.774245024 CET576115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:51.779671907 CET565157611111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:51.780018091 CET565157611111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:52.635200024 CET565157611111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:52.635343075 CET576115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:52.640964031 CET576115651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:52.646424055 CET565157611111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:52.750129938 CET576125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:52.755574942 CET565157612111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:52.755747080 CET576125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:52.756181955 CET576125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:52.756357908 CET576125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:52.761612892 CET565157612111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:52.762167931 CET565157612111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:53.580771923 CET565157612111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:53.580846071 CET576125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:53.580912113 CET576125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:53.625528097 CET576135651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:54.008786917 CET576125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:54.640388966 CET565157612111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:54.640461922 CET576125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:54.642164946 CET565157612111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:54.642209053 CET576125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:54.646152020 CET565157612111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:54.646245003 CET576125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:54.648175955 CET565157612111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:54.648247004 CET565157613111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:54.648308992 CET576135651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:54.648384094 CET565157612111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:54.648432016 CET576125651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:54.649988890 CET576135651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:54.650182009 CET576135651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:54.655524969 CET565157613111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:54.655580997 CET565157613111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:55.660752058 CET565157613111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:55.661926985 CET576135651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:55.661978960 CET576135651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:55.667421103 CET565157613111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:55.704088926 CET576145651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:55.709625006 CET565157614111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:55.714258909 CET576145651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:55.725248098 CET576145651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:55.725285053 CET576145651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:55.730750084 CET565157614111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:55.730840921 CET565157614111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:56.561582088 CET565157614111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:56.561670065 CET576145651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:56.561708927 CET576145651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:56.567106962 CET565157614111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:56.582540989 CET576155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:56.588268995 CET565157615111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:56.589916945 CET576155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:56.590102911 CET576155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:56.590111971 CET576155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:56.595398903 CET565157615111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:56.595443964 CET565157615111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:57.422267914 CET565157615111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:57.422352076 CET576155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:57.422713995 CET576155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:57.428232908 CET565157615111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:57.856244087 CET576165651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:57.861969948 CET565157616111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:57.862055063 CET576165651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:57.890551090 CET576165651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:57.890597105 CET576165651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:57.891593933 CET576175651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:57.896089077 CET565157616111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:57.896174908 CET565157616111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:57.897201061 CET565157617111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:57.897927999 CET576175651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:57.899566889 CET576175651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:57.899566889 CET576175651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:57.905045986 CET565157617111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:57.905231953 CET565157617111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:58.397349119 CET565157601111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:58.397443056 CET576015651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:58.397542953 CET576015651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:58.402964115 CET565157601111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:58.437788010 CET576185651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:58.443299055 CET565157618111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:58.444679976 CET576185651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:58.445523024 CET576185651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:58.445543051 CET576185651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:58.451029062 CET565157618111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:58.451044083 CET565157618111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.086318970 CET565157616111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.086472988 CET565157617111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.086483002 CET576165651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:59.086556911 CET576175651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:59.086633921 CET576165651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:59.086899996 CET576175651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:59.087258101 CET808057603111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.087308884 CET565157604111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.087327957 CET56515760665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.087332010 CET576038080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.087340117 CET8057605111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.087389946 CET576045651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.087394953 CET576065651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:59.087414980 CET5760580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.087457895 CET80805760765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.087776899 CET576078080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:59.087835073 CET8057608111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.087846041 CET565157616111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.087899923 CET576165651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:59.087934017 CET565157617111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.087966919 CET5760880192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.088000059 CET576175651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:59.088772058 CET808057603111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.088865042 CET565157604111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.088875055 CET8057605111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.088922024 CET56515760665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.088926077 CET576038080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.088932037 CET80805760765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.088942051 CET5760580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.088948011 CET576045651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.088970900 CET576078080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:59.088973045 CET576065651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:59.090420961 CET576038080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.091718912 CET576045651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.092463017 CET576065651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:59.092837095 CET5760580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.093059063 CET565157616111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.093168020 CET565157617111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.094202995 CET576078080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:59.094335079 CET5760880192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.097938061 CET808057603111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.097948074 CET565157604111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.098159075 CET56515760665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.098191977 CET8057605111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.099515915 CET80805760765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.100156069 CET8057608111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.124469995 CET576195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:59.129964113 CET565157619111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.130157948 CET576195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:59.131191969 CET576195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:59.131205082 CET576195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:59.136676073 CET565157619111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.136692047 CET565157619111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.225807905 CET576205651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.226641893 CET5762180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.227047920 CET576228080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.227404118 CET576248080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:59.227467060 CET576235651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:59.227988958 CET576255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:59.231518984 CET565157620111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.231622934 CET576205651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.232197046 CET8057621111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.232274055 CET5762180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.232486963 CET808057622111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.232650042 CET576228080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.232815981 CET80805762465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.232839108 CET56515762365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.232875109 CET576248080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:59.232914925 CET576235651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:59.233457088 CET565157625111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.233525991 CET576255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:59.233742952 CET576205651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.233742952 CET576205651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.233900070 CET5762180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.233922005 CET5762180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.233973980 CET576228080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.233973980 CET576228080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:54:59.234016895 CET576235651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:59.234039068 CET576235651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:59.234097958 CET576248080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:59.234114885 CET576248080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:54:59.234122038 CET576255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:59.234122038 CET576255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:54:59.239073992 CET565157620111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.239192963 CET565157620111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.239310980 CET8057621111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.239329100 CET8057621111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.239341974 CET808057622111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.239351988 CET808057622111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.239586115 CET56515762365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.239630938 CET56515762365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.239641905 CET80805762465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.239653111 CET80805762465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.239664078 CET565157625111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.239674091 CET565157625111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.985173941 CET565157619111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:54:59.985265970 CET576195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:00.048696041 CET576195651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:00.055344105 CET565157619111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:00.158878088 CET565157625111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:00.158962011 CET576255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:00.209599972 CET576255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:00.215255976 CET565157625111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:00.558228970 CET576265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:00.559042931 CET576275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:00.563714027 CET565157626111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:00.563791037 CET576265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:00.564203024 CET576265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:00.564229965 CET576265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:00.564430952 CET565157627111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:00.564543962 CET576275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:00.564963102 CET576275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:00.564981937 CET576275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:00.569602013 CET565157626111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:00.569674969 CET565157626111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:00.570555925 CET565157627111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:00.570566893 CET565157627111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:01.421833992 CET565157626111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:01.422334909 CET565157627111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:01.422440052 CET576265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:01.422530890 CET576265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:01.422533035 CET576275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:01.422569036 CET576275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:01.427985907 CET565157626111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:01.428172112 CET565157627111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:01.500509977 CET576285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:01.507066965 CET565157628111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:01.509954929 CET576285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:01.510541916 CET576285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:01.510557890 CET576285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:01.515954018 CET565157628111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:01.516489029 CET565157628111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:02.356909990 CET565157628111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:02.357471943 CET576285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:02.357580900 CET576285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:02.364178896 CET565157628111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:02.373843908 CET576295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:02.379450083 CET565157629111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:02.379530907 CET576295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:02.381369114 CET576295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:02.381378889 CET576295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:02.386992931 CET565157629111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:02.387069941 CET565157629111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:03.241028070 CET565157629111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:03.245938063 CET576295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:03.246525049 CET576295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:03.252012968 CET565157629111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:03.361749887 CET576305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:03.367290020 CET565157630111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:03.367367983 CET576305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:03.367702961 CET576305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:03.367702961 CET576305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:03.373394966 CET565157630111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:03.373476028 CET565157630111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:04.206639051 CET565157630111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:04.206713915 CET576305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:04.206769943 CET576305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:04.212214947 CET565157630111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:04.233241081 CET576315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:04.239511013 CET565157631111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:04.241969109 CET576315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:04.242227077 CET576315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:04.242239952 CET576315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:04.247832060 CET565157631111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:04.247870922 CET565157631111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:05.277767897 CET565157631111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:05.277934074 CET576315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:05.277934074 CET576315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:05.283360004 CET565157631111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:05.327709913 CET576325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:05.333256006 CET565157632111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:05.333353996 CET576325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:05.333784103 CET576325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:05.333795071 CET576325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:05.339165926 CET565157632111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:05.339176893 CET565157632111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:06.187975883 CET565157632111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:06.193953991 CET576325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:06.194019079 CET576325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:06.201173067 CET565157632111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:06.202183962 CET576335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:06.209739923 CET565157633111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:06.211982965 CET576335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:06.212275982 CET576335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:06.212294102 CET576335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:06.220269918 CET565157633111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:06.220438004 CET565157633111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:06.316102982 CET576345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:06.321798086 CET565157634111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:06.321939945 CET576345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:06.322278023 CET576345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:06.322278023 CET576345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:06.327656031 CET565157634111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:06.327728987 CET565157634111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:06.927180052 CET565157618111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:06.928817987 CET576185651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:06.948302031 CET576185651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:06.953972101 CET565157618111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.068470001 CET565157633111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.068593025 CET576335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:07.162992954 CET565157634111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.163352966 CET576345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:07.172898054 CET576335651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:07.178738117 CET565157633111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.180310011 CET576345651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:07.186135054 CET565157634111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.254647970 CET576355651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.255574942 CET576365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:07.260488987 CET565157635111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.260564089 CET576355651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.261077881 CET565157636111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.261681080 CET576365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:07.262124062 CET576355651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.262146950 CET576355651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.262526989 CET576365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:07.262542009 CET576365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:07.267426968 CET565157635111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.267537117 CET565157635111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.268178940 CET565157636111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.268290043 CET565157636111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.716160059 CET565157620111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.716226101 CET576205651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.716708899 CET576205651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.720561028 CET56515762365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.720722914 CET576235651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:07.720834017 CET576235651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:07.721708059 CET808057622111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.721796989 CET576228080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.722228050 CET565157620111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.722382069 CET576228080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.726246119 CET56515762365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.727739096 CET808057622111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.731756926 CET8057621111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.732485056 CET80805762465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.732961893 CET576248080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:07.732964039 CET5762180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.732999086 CET5762180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.733228922 CET576248080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:07.737482071 CET576378080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.738315105 CET8057621111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.738486052 CET80805762465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.738749981 CET576385651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.739074945 CET576395651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:07.742978096 CET808057637111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.744282007 CET565157638111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.744601965 CET56515763965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.744707108 CET576378080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.744903088 CET576395651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:07.744908094 CET576385651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.745107889 CET576385651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.745107889 CET576385651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.745136023 CET576378080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.745148897 CET576378080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.745179892 CET576395651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:07.745179892 CET576395651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:07.750621080 CET565157638111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.750658035 CET565157638111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.750669956 CET808057637111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.750679016 CET808057637111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.750688076 CET56515763965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.750699043 CET56515763965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.847325087 CET576408080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:07.847351074 CET5764180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.853094101 CET80805764065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.853121042 CET8057641111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.853163958 CET576408080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:07.853202105 CET5764180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.854511023 CET576408080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:07.854533911 CET576408080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:07.855849981 CET5764180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.855900049 CET5764180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:07.860425949 CET80805764065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.860441923 CET80805764065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.861269951 CET8057641111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:07.861282110 CET8057641111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:08.098117113 CET565157636111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:08.098225117 CET576365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:08.098273039 CET576365651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:08.103756905 CET565157636111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:08.197108030 CET576425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:08.202724934 CET565157642111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:08.202827930 CET576425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:08.203301907 CET576425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:08.203340054 CET576425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:08.208667994 CET565157642111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:08.208682060 CET565157642111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:09.930185080 CET565157642111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:09.930345058 CET576425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:09.930389881 CET576425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:09.930730104 CET565157642111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:09.930931091 CET576425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:09.931215048 CET565157642111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:09.931282043 CET576425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:10.034662008 CET576435651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:10.253621101 CET576425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:10.984899998 CET565157642111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:10.985977888 CET576425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:10.987741947 CET565157642111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:10.987821102 CET576425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:10.991317987 CET565157642111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:10.991333008 CET565157643111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:10.991344929 CET565157642111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:10.991476059 CET576435651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:10.991483927 CET576425651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:10.991719007 CET576435651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:10.991719007 CET576435651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:11.273416996 CET565157643111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:11.273432970 CET565157643111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:12.136101007 CET565157643111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:12.136164904 CET576435651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:12.144922972 CET576435651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:12.150465012 CET565157643111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:12.484057903 CET576445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:12.489785910 CET565157644111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:12.489888906 CET576445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:12.512598038 CET576445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:12.512646914 CET576445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:12.518204927 CET565157644111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:12.518217087 CET565157644111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:13.325411081 CET565157644111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:13.325480938 CET576445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:13.331754923 CET576445651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:13.337239981 CET565157644111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:13.421216965 CET576455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:13.426801920 CET565157645111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:13.429964066 CET576455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:13.430164099 CET576455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:13.430175066 CET576455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:13.435472012 CET565157645111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:13.435798883 CET565157645111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:14.290216923 CET565157645111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:14.293962955 CET576455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:14.294004917 CET576455651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:14.299386978 CET565157645111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:14.411012888 CET576465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:14.416585922 CET565157646111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:14.416670084 CET576465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:14.417728901 CET576465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:14.417728901 CET576465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:14.423218966 CET565157646111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:14.423228979 CET565157646111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:15.261048079 CET565157646111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:15.261112928 CET576465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:15.261162043 CET576465651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:15.266587019 CET565157646111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:15.279583931 CET576475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:15.285073996 CET565157647111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:15.285963058 CET576475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:15.286181927 CET576475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:15.286195040 CET576475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:15.291613102 CET565157647111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:15.292042971 CET565157647111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:15.743535995 CET565157635111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:15.744452000 CET576355651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:15.744452953 CET576355651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:15.749866009 CET565157635111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:15.836882114 CET576485651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:15.842380047 CET565157648111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:15.842458010 CET576485651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:15.843126059 CET576485651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:15.843126059 CET576485651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:15.848501921 CET565157648111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:15.848617077 CET565157648111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.164202929 CET565157647111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.164330959 CET576475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:16.164375067 CET576475651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:16.169727087 CET565157647111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.240547895 CET808057637111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.240612030 CET576378080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.240706921 CET565157638111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.240708113 CET576378080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.240777969 CET576385651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.241153002 CET576385651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.241352081 CET56515763965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.241451025 CET576395651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:16.242496014 CET576395651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:16.246114016 CET808057637111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.246854067 CET565157638111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.248105049 CET56515763965.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.267807007 CET576495651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.268596888 CET576505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:16.268942118 CET576515651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:16.269076109 CET576528080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.273576975 CET565157649111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.273956060 CET576495651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.274185896 CET576495651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.274195910 CET576495651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.274926901 CET565157650111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.274966955 CET56515765165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.275029898 CET576505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:16.275382996 CET576505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:16.275382996 CET576515651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:16.275393963 CET576505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:16.275404930 CET808057652111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.275435925 CET576515651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:16.275464058 CET576515651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:16.275474072 CET576528080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.275650978 CET576528080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.277908087 CET576528080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.279520988 CET565157649111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.279921055 CET565157649111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.281056881 CET565157650111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.281474113 CET565157650111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.281483889 CET56515765165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.281491995 CET56515765165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.281538963 CET808057652111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.284351110 CET808057652111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.330569029 CET80805764065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.334009886 CET576408080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:16.337905884 CET576408080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:16.344465017 CET80805764065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.363811970 CET8057641111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.363878012 CET5764180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.363964081 CET5764180192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.371105909 CET8057641111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.381263971 CET576538080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:16.381453991 CET5765480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.388164997 CET80805765365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.388276100 CET576538080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:16.388523102 CET8057654111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.388582945 CET5765480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.388957977 CET576538080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:16.389087915 CET576538080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:16.389132977 CET5765480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.389194012 CET5765480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:16.395855904 CET80805765365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.395865917 CET80805765365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.395875931 CET8057654111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:16.395893097 CET8057654111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:17.172199011 CET565157650111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:17.172307014 CET576505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:17.172399044 CET576505651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:17.177938938 CET565157650111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:17.262124062 CET576555651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:17.267784119 CET565157655111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:17.267863989 CET576555651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:17.268121958 CET576555651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:17.268146992 CET576555651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:17.273644924 CET565157655111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:17.273663044 CET565157655111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:18.128192902 CET565157655111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:18.128319979 CET576555651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:18.128766060 CET576555651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:18.134260893 CET565157655111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:18.236048937 CET576565651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:18.241545916 CET565157656111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:18.241625071 CET576565651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:18.242361069 CET576565651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:18.242361069 CET576565651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:18.247694969 CET565157656111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:18.247772932 CET565157656111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:19.107229948 CET565157656111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:19.107331038 CET576565651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:19.107404947 CET576565651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:19.112741947 CET565157656111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:19.217561007 CET576575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:19.223170996 CET565157657111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:19.225982904 CET576575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:19.226227999 CET576575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:19.226241112 CET576575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:19.231615067 CET565157657111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:19.231630087 CET565157657111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:20.065246105 CET565157657111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:20.065314054 CET576575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:20.065349102 CET576575651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:20.070848942 CET565157657111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:20.099169970 CET576585651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:20.105051041 CET565157658111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:20.105144024 CET576585651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:20.109872103 CET576585651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:20.109910965 CET576585651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:20.115223885 CET565157658111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:20.115362883 CET565157658111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:20.979286909 CET565157658111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:20.979360104 CET576585651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:20.979495049 CET576585651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:20.985002995 CET565157658111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:21.081998110 CET576595651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:21.087640047 CET565157659111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:21.087836981 CET576595651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:21.089050055 CET576595651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:21.089162111 CET576595651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:21.094526052 CET565157659111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:21.094604015 CET565157659111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:21.951904058 CET565157659111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:21.952189922 CET576595651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:21.955971003 CET576595651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:21.961801052 CET565157659111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:22.065855026 CET576605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:22.071722031 CET565157660111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:22.071894884 CET576605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:22.072792053 CET576605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:22.072792053 CET576605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:22.078228951 CET565157660111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:22.078268051 CET565157660111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:22.907846928 CET565157660111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:22.907946110 CET576605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:22.908436060 CET576605651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:22.913748026 CET565157660111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:22.946309090 CET576615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:22.951827049 CET565157661111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:22.951901913 CET576615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:22.952239990 CET576615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:22.952258110 CET576615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:22.957645893 CET565157661111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:22.957792044 CET565157661111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:23.792844057 CET565157661111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:23.792931080 CET576615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:24.003910065 CET576615651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:24.009633064 CET565157661111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.094785929 CET576625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:24.100290060 CET565157662111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.100466013 CET576625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:24.100795984 CET576625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:24.100795984 CET576625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:24.106199980 CET565157662111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.106750011 CET565157662111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.333111048 CET565157648111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.336762905 CET576485651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.336822987 CET576485651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.342291117 CET565157648111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.365834951 CET576635651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.371233940 CET565157663111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.371310949 CET576635651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.372086048 CET576635651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.372086048 CET576635651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.377382040 CET565157663111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.377393961 CET565157663111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.757841110 CET56515765165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.758008957 CET576515651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:24.758061886 CET576515651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:24.758774996 CET565157649111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.758876085 CET576495651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.759568930 CET576495651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.763221025 CET808057652111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.763353109 CET576528080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.763381004 CET56515765165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.764364958 CET576528080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.764826059 CET565157649111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.769696951 CET808057652111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.803878069 CET576648080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.805562019 CET576655651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.805888891 CET576665651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:24.809376001 CET808057664111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.809492111 CET576648080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.809674978 CET576648080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.809699059 CET576648080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.810962915 CET565157665111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.811032057 CET576655651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.811249018 CET576655651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.811275005 CET56515766665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.811307907 CET576655651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.811337948 CET576665651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:24.811486959 CET576665651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:24.811503887 CET576665651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:24.814975023 CET808057664111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.814990997 CET808057664111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.816570044 CET565157665111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.816593885 CET565157665111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.816766024 CET56515766665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.816778898 CET56515766665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.873861074 CET80805765365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.873980999 CET576538080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:24.874114990 CET576538080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:24.879430056 CET80805765365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.910729885 CET8057654111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.911983013 CET5765480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.912029028 CET5765480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:24.916444063 CET576678080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:24.917383909 CET8057654111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.921776056 CET80805766765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.923998117 CET576678080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:24.924202919 CET576678080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:24.924222946 CET576678080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:24.929483891 CET80805766765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.929514885 CET80805766765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.971890926 CET565157662111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:24.972443104 CET576625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:24.972565889 CET576625651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:24.977843046 CET565157662111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:25.017044067 CET576685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:25.022581100 CET565157668111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:25.022795916 CET576685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:25.023077965 CET576685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:25.023088932 CET576685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:25.028431892 CET565157668111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:25.028446913 CET565157668111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:25.029341936 CET5766980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:25.034859896 CET8057669111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:25.034921885 CET5766980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:25.035443068 CET5766980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:25.035465002 CET5766980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:25.040755987 CET8057669111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:25.040770054 CET8057669111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:25.864686012 CET565157668111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:25.864866018 CET576685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:25.864911079 CET576685651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:25.870537043 CET565157668111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:25.892558098 CET576705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:25.898252010 CET565157670111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:25.898324966 CET576705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:25.898621082 CET576705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:25.898633003 CET576705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:25.903980970 CET565157670111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:25.904426098 CET565157670111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:26.755520105 CET565157670111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:26.755624056 CET576705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:26.755901098 CET576705651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:26.762573957 CET565157670111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:26.770267963 CET576715651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:26.775834084 CET565157671111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:26.775911093 CET576715651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:26.787545919 CET576715651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:26.787573099 CET576715651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:26.793061972 CET565157671111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:26.793107033 CET565157671111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:27.597908974 CET565157671111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:27.597995043 CET576715651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:27.598095894 CET576715651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:27.603585958 CET565157671111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:27.642432928 CET576725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:27.648725986 CET565157672111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:27.648818970 CET576725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:27.650197029 CET576725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:27.650243044 CET576725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:27.655710936 CET565157672111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:27.655777931 CET565157672111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:28.492063046 CET565157672111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:28.494029999 CET576725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:28.497921944 CET576725651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:28.503446102 CET565157672111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:28.522308111 CET576735651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:28.527884007 CET565157673111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:28.528093100 CET576735651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:28.528520107 CET576735651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:28.528618097 CET576735651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:28.533934116 CET565157673111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:28.534259081 CET565157673111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:29.376666069 CET565157673111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:29.376849890 CET576735651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:29.376945019 CET576735651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:29.382368088 CET565157673111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:29.393249989 CET576745651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:29.398955107 CET565157674111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:29.399019957 CET576745651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:29.399338007 CET576745651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:29.399477005 CET576745651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:29.404778004 CET565157674111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:29.405004978 CET565157674111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:30.253972054 CET565157674111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:30.256289959 CET576745651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:30.256371975 CET576745651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:30.261753082 CET565157674111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:30.267712116 CET576755651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:30.276175022 CET565157675111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:30.280261993 CET576755651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:30.280433893 CET576755651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:30.280433893 CET576755651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:30.285967112 CET565157675111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:30.286179066 CET565157675111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:30.377060890 CET576765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:30.382730961 CET565157676111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:30.384560108 CET576765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:30.384761095 CET576765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:30.384772062 CET576765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:30.390311003 CET565157676111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:30.390342951 CET565157676111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:31.110655069 CET565157675111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:31.110824108 CET576755651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:31.112771034 CET576755651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:31.122615099 CET565157675111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:31.241957903 CET565157676111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:31.242574930 CET576765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:31.489217997 CET576765651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:31.503494024 CET576775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:31.593691111 CET576785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:31.745213032 CET565157676111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:31.745224953 CET565157677111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:31.745237112 CET565157678111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:31.745318890 CET576775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:31.745347977 CET576785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:31.749351978 CET576775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:31.749373913 CET576785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:31.749375105 CET576785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:31.749412060 CET576775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:31.754853964 CET565157677111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:31.754865885 CET565157678111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:31.754883051 CET565157678111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:31.754893064 CET565157677111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:32.597542048 CET565157678111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:32.597614050 CET576785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:32.597731113 CET576785651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:32.603319883 CET565157677111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:32.603450060 CET576775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:32.603450060 CET576775651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:32.603748083 CET565157678111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:32.608969927 CET565157677111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:32.680619001 CET576795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:32.686156988 CET565157679111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:32.686229944 CET576795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:32.686614037 CET576795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:32.686614037 CET576795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:32.691997051 CET565157679111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:32.692049980 CET565157679111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:32.855442047 CET565157663111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:32.855513096 CET576635651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:32.855623007 CET576635651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:32.861094952 CET565157663111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:32.894239902 CET576805651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:32.899698019 CET565157680111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:32.901983976 CET576805651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:32.902234077 CET576805651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:32.902244091 CET576805651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.243360996 CET576805651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.398302078 CET565157680111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.398317099 CET565157680111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.398761034 CET808057664111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.398837090 CET576648080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.398911953 CET56515766665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.398925066 CET565157665111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.398998976 CET576665651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:33.399028063 CET576655651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.399209976 CET576648080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.399782896 CET565157680111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.399840117 CET576665651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:33.400568008 CET576655651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.405869007 CET808057664111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.406584024 CET56515766665.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.407320976 CET565157665111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.413821936 CET80805766765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.413917065 CET576678080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:33.413948059 CET576678080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:33.420722961 CET80805766765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.436229944 CET576818080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.438700914 CET576828080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:33.438913107 CET576835651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:33.441638947 CET808057681111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.444541931 CET80805768265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.444668055 CET576818080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.444736004 CET56515768365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.444765091 CET576828080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:33.444967031 CET576818080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.444989920 CET576818080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.445007086 CET576835651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:33.445130110 CET576828080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:33.445141077 CET576828080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:33.445182085 CET576835651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:33.445190907 CET576835651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:33.450632095 CET808057681111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.450643063 CET808057681111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.450663090 CET80805768265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.450671911 CET80805768265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.450680971 CET56515768365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.450690985 CET56515768365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.455686092 CET576845651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.461124897 CET565157684111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.461256027 CET576845651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.461679935 CET576845651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.461940050 CET576845651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.467233896 CET565157684111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.467374086 CET565157684111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.523464918 CET8057669111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.523827076 CET5766980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.523961067 CET5766980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.527784109 CET565157679111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.527857065 CET576795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:33.528069973 CET576795651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:33.529455900 CET8057669111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.533452988 CET565157679111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.563122034 CET5768580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.563302994 CET576865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:33.568599939 CET8057685111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.568670988 CET5768580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.568842888 CET565157686111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.568897009 CET576865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:33.571589947 CET5768580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.571616888 CET5768580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:33.571640968 CET576865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:33.571651936 CET576865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:33.577033043 CET8057685111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.577044010 CET8057685111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.577053070 CET565157686111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:33.577061892 CET565157686111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:35.477894068 CET565157686111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:35.477957010 CET576865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:35.478470087 CET576865651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:35.483820915 CET565157686111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:35.517273903 CET576875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:35.522751093 CET565157687111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:35.525990009 CET576875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:35.526259899 CET576875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:35.529930115 CET576875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:35.531570911 CET565157687111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:35.535626888 CET565157687111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:36.366384983 CET565157687111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:36.366478920 CET576875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:36.366600990 CET576875651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:36.372186899 CET565157687111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:36.396744967 CET576885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:36.402245998 CET565157688111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:36.402364969 CET576885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:36.402616978 CET576885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:36.402616978 CET576885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:36.407933950 CET565157688111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:36.407952070 CET565157688111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:37.432614088 CET565157688111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:37.436058998 CET576885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:37.436100006 CET576885651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:37.444120884 CET565157688111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:37.489810944 CET576895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:37.495264053 CET565157689111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:37.495338917 CET576895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:37.496407986 CET576895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:37.496429920 CET576895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:37.501770973 CET565157689111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:37.501827002 CET565157689111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:38.359383106 CET565157689111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:38.359558105 CET576895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:38.359612942 CET576895651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:38.365509987 CET565157689111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:38.473944902 CET576905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:38.479396105 CET565157690111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:38.480036974 CET576905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:38.480732918 CET576905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:38.480763912 CET576905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:38.486114025 CET565157690111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:38.486124039 CET565157690111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:39.328063011 CET565157690111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:39.328218937 CET576905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:39.328555107 CET576905651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:39.333858967 CET565157690111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:39.346208096 CET576915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:39.351722956 CET565157691111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:39.352771997 CET576915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:39.354170084 CET576915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:39.354525089 CET576915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:39.359616041 CET565157691111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:39.359873056 CET565157691111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:40.428597927 CET565157691111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:40.429996014 CET576915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:40.430171013 CET576915651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:40.435918093 CET565157691111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:40.500030994 CET576925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:40.505599022 CET565157692111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:40.505682945 CET576925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:40.507343054 CET576925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:40.507380962 CET576925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:40.512813091 CET565157692111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:40.512959003 CET565157692111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.408308029 CET565157692111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.408387899 CET576925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:41.408510923 CET576925651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:41.413847923 CET565157692111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.431305885 CET576935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:41.436774015 CET565157693111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.436846972 CET576935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:41.437916040 CET576935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:41.437964916 CET576935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:41.443758965 CET565157693111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.443789005 CET565157693111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.620083094 CET565157680111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.624319077 CET576805651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:41.624423027 CET576805651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:41.630069017 CET565157680111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.640815973 CET576945651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:41.647910118 CET565157694111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.648013115 CET576945651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:41.648478985 CET576945651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:41.648515940 CET576945651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:41.653888941 CET565157694111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.654061079 CET565157694111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.927382946 CET56515768365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.927623987 CET576835651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:41.927623987 CET576835651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:41.930296898 CET808057681111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.930529118 CET80805768265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.930632114 CET576818080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:41.930638075 CET576828080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:41.933170080 CET56515768365.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.934572935 CET576818080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:41.940244913 CET808057681111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.941255093 CET576828080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:41.944281101 CET565157684111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.944340944 CET576845651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:41.944698095 CET576845651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:41.946613073 CET80805768265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.950102091 CET565157684111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:41.999898911 CET576955651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:42.000572920 CET576968080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:42.001326084 CET576975651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:42.001960039 CET576988080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:42.005274057 CET565157695111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.005369902 CET576955651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:42.005820990 CET576955651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:42.005832911 CET576955651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:42.006242037 CET808057696111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.006688118 CET56515769765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.006762981 CET576968080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:42.007397890 CET80805769865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.007425070 CET576975651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:42.007425070 CET576975651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:42.007477045 CET576988080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:42.007486105 CET576975651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:42.007833958 CET576968080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:42.007848978 CET576968080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:42.007951021 CET576988080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:42.007967949 CET576988080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:42.011270046 CET565157695111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.011300087 CET565157695111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.013093948 CET56515769765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.013123035 CET56515769765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.013183117 CET808057696111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.013231993 CET808057696111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.013314009 CET80805769865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.013341904 CET80805769865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.060070038 CET8057685111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.060134888 CET5768580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:42.060275078 CET5768580192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:42.065557003 CET8057685111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.085436106 CET5769980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:42.090881109 CET8057699111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.090980053 CET5769980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:42.091443062 CET5769980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:42.091466904 CET5769980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:42.096838951 CET8057699111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.096849918 CET8057699111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.304445982 CET565157693111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.306018114 CET576935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:42.306714058 CET576935651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:42.318114996 CET565157693111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.421386003 CET577005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:42.427076101 CET565157700111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.427165031 CET577005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:42.430066109 CET577005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:42.430066109 CET577005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:42.435522079 CET565157700111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:42.435543060 CET565157700111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:43.267997026 CET565157700111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:43.268167019 CET577005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:43.268309116 CET577005651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:43.274039030 CET565157700111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:43.290904045 CET577015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:43.296483040 CET565157701111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:43.296664953 CET577015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:43.297317028 CET577015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:43.297341108 CET577015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:43.302767992 CET565157701111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:43.302799940 CET565157701111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:44.156317949 CET565157701111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:44.156409025 CET577015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:44.156461954 CET577015651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:44.161886930 CET565157701111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:44.268045902 CET577025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:44.274211884 CET565157702111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:44.278003931 CET577025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:44.278511047 CET577025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:44.278563023 CET577025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:44.284013987 CET565157702111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:44.284037113 CET565157702111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:45.113203049 CET565157702111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:45.113259077 CET577025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:45.113395929 CET577025651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:45.119043112 CET565157702111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:45.173218966 CET577035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:45.178750992 CET565157703111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:45.178832054 CET577035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:45.179788113 CET577035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:45.179836988 CET577035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:45.185066938 CET565157703111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:45.185142040 CET565157703111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:46.054337978 CET565157703111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:46.054421902 CET577035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:46.054522038 CET577035651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:46.059896946 CET565157703111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:46.124140978 CET577045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:46.129535913 CET565157704111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:46.129990101 CET577045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:46.130506039 CET577045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:46.130506039 CET577045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:46.136159897 CET565157704111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:46.136291981 CET565157704111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:47.035995007 CET565157704111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:47.040361881 CET577045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:47.040522099 CET577045651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:47.045926094 CET565157704111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:47.113388062 CET577055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:47.119568110 CET565157705111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:47.119637012 CET577055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:47.119832993 CET577055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:47.119844913 CET577055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:47.125322104 CET565157705111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:47.125348091 CET565157705111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:48.013828993 CET565157705111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:48.013895988 CET577055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:48.014206886 CET577055651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:48.019893885 CET565157705111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:48.131098986 CET577065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:48.136497021 CET565157706111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:48.136656046 CET577065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:48.143703938 CET577065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:48.143703938 CET577065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:48.149132967 CET565157706111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:48.149333954 CET565157706111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:48.985028982 CET565157706111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:48.985106945 CET577065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:48.985409021 CET577065651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:48.990766048 CET565157706111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:49.083731890 CET577075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:49.089102030 CET565157707111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:49.089207888 CET577075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:49.091377020 CET577075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:49.091984987 CET577075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:49.096693039 CET565157707111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:49.097398043 CET565157707111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.001378059 CET565157707111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.001440048 CET577075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:50.001724005 CET577075651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:50.007380962 CET565157707111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.065990925 CET577085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:50.071300030 CET565157708111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.072025061 CET577085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:50.072423935 CET577085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:50.072437048 CET577085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:50.077810049 CET565157708111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.078385115 CET565157708111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.159284115 CET565157694111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.159532070 CET576945651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.159604073 CET576945651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.165339947 CET565157694111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.199753046 CET577095651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.205166101 CET565157709111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.205243111 CET577095651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.205662012 CET577095651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.205734015 CET577095651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.210941076 CET565157709111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.211327076 CET565157709111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.487494946 CET808057696111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.487588882 CET576968080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.487668991 CET576968080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.490572929 CET80805769865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.490843058 CET576988080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:50.491086006 CET56515769765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.491163015 CET576975651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:50.491321087 CET576988080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:50.491559982 CET576975651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:50.493165970 CET808057696111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.497118950 CET80805769865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.497344971 CET56515769765.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.497844934 CET565157695111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.497895956 CET576955651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.498011112 CET576955651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.504045010 CET565157695111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.507771969 CET577108080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.508038998 CET577115651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:50.508574009 CET577128080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:50.514169931 CET808057710111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.514389038 CET56515771165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.514489889 CET577108080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.514909029 CET80805771265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.514969110 CET577115651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:50.514969110 CET577128080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:50.518253088 CET577108080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.518275976 CET577108080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.518349886 CET577128080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:50.518349886 CET577128080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:50.518369913 CET577115651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:50.518369913 CET577115651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:50.524245977 CET808057710111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.524292946 CET808057710111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.524310112 CET80805771265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.524322987 CET80805771265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.524337053 CET56515771165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.524350882 CET56515771165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.609337091 CET8057699111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.612436056 CET577135651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.617392063 CET5769980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.617392063 CET5769980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.617877007 CET565157713111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.621325016 CET577135651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.621325016 CET577135651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.621325016 CET577135651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.623677015 CET8057699111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.626687050 CET565157713111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.627161026 CET565157713111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.725207090 CET5771480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.730560064 CET8057714111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.731570959 CET5771480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.732460022 CET5771480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.732460022 CET5771480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:50.737811089 CET8057714111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.738584042 CET8057714111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.937148094 CET565157708111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:50.937446117 CET577085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:50.937633038 CET577085651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:55:50.943073988 CET565157708111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:55:58.704277039 CET565157709111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:58.704673052 CET577095651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:58.991465092 CET808057710111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:58.991606951 CET577108080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:58.997944117 CET80805771265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:58.998006105 CET577128080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:59.004808903 CET56515771165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:55:59.004941940 CET577115651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:55:59.110699892 CET565157713111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:59.110793114 CET577135651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:55:59.401913881 CET8057714111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:55:59.401973963 CET5771480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.532526970 CET577095651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.535991907 CET577108080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.536870003 CET577115651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:01.537297010 CET577128080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:01.537981033 CET565157709111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.538630962 CET577135651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.539309978 CET5771480192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.541290998 CET808057710111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.542140007 CET56515771165.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.542668104 CET80805771265.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.543987036 CET565157713111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.544589043 CET8057714111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.551280022 CET577155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:01.556719065 CET565157715111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.556844950 CET577155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:01.557378054 CET577155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:01.557378054 CET577155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:01.558520079 CET577165651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.562853098 CET565157715111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.563014030 CET577178080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.563600063 CET565157715111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.564399958 CET565157716111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.564519882 CET577165651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.567187071 CET577165651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.567200899 CET577165651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.567334890 CET577185651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:01.568377972 CET808057717111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.568470001 CET577178080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.568670034 CET577178080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.568712950 CET577178080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.569356918 CET5771980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.572459936 CET565157716111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.572686911 CET565157716111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.572696924 CET56515771865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.572817087 CET577185651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:01.572983027 CET577185651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:01.572983980 CET577185651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:01.573951960 CET808057717111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.574409008 CET808057717111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.574650049 CET8057719111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.574830055 CET5771980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.575073004 CET5771980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.575073957 CET5771980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.578263998 CET56515771865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.578398943 CET56515771865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.580370903 CET8057719111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.580777884 CET8057719111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.593086004 CET577208080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:01.598460913 CET80805772065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.602123022 CET577208080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:01.602329969 CET577208080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:01.602341890 CET577208080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:01.607784986 CET80805772065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.608023882 CET80805772065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.664156914 CET577215651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.666192055 CET577228080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.668521881 CET5772380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.668818951 CET577248080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:01.669728994 CET565157721111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.669810057 CET577215651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.670109987 CET577215651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.670109987 CET577215651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.671545029 CET808057722111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.671603918 CET577228080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.671916008 CET577228080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.671982050 CET577228080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.673823118 CET8057723111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.673901081 CET5772380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.674146891 CET80805772465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.674158096 CET5772380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.674168110 CET5772380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:01.674204111 CET577248080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:01.674555063 CET577248080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:01.674555063 CET577248080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:01.675456047 CET565157721111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.675467014 CET565157721111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.677329063 CET808057722111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.677355051 CET808057722111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.679620981 CET8057723111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.679630041 CET8057723111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.679924965 CET80805772465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:01.680035114 CET80805772465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:02.434096098 CET565157715111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:02.434206963 CET577155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:02.434324980 CET577155651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:02.440155029 CET565157715111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:02.545298100 CET577255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:02.551224947 CET565157725111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:02.551769972 CET577255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:02.552031994 CET577255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:02.552031994 CET577255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:02.557554007 CET565157725111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:02.557566881 CET565157725111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:03.390162945 CET565157725111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:03.390324116 CET577255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:03.390495062 CET577255651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:03.396342039 CET565157725111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:03.408638954 CET577265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:03.414057970 CET565157726111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:03.414134026 CET577265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:03.414323092 CET577265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:03.414343119 CET577265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:03.419703007 CET565157726111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:03.419825077 CET565157726111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:04.307786942 CET565157726111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:04.308463097 CET577265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:04.308574915 CET577265651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:04.314141989 CET565157726111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:04.392580986 CET577275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:04.398605108 CET565157727111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:04.398947954 CET577275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:04.399323940 CET577275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:04.399323940 CET577275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:04.404633045 CET565157727111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:04.404644012 CET565157727111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:05.275285006 CET565157727111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:05.275422096 CET577275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:05.275422096 CET577275651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:05.281042099 CET565157727111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:05.378612041 CET577285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:05.384438038 CET565157728111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:05.386221886 CET577285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:05.386221886 CET577285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:05.387532949 CET577285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:05.391685963 CET565157728111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:05.392930031 CET565157728111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:06.264487028 CET565157728111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:06.264554024 CET577285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:06.264596939 CET577285651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:06.269937992 CET565157728111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:06.373328924 CET577295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:06.378746033 CET565157729111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:06.379122019 CET577295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:06.379257917 CET577295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:06.379309893 CET577295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:06.385072947 CET565157729111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:06.385083914 CET565157729111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:07.273118019 CET565157729111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:07.273205996 CET577295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:07.273315907 CET577295651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:07.278629065 CET565157729111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:07.344213009 CET577305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:07.349944115 CET565157730111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:07.350152969 CET577305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:07.350358963 CET577305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:07.350358963 CET577305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:07.355693102 CET565157730111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:07.355703115 CET565157730111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:08.203435898 CET565157730111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:08.203520060 CET577305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:08.203592062 CET577305651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:08.209007025 CET565157730111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:08.221653938 CET577315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:08.227087021 CET565157731111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:08.227159977 CET577315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:08.227407932 CET577315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:08.227407932 CET577315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:08.233326912 CET565157731111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:08.233700037 CET565157731111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:09.100191116 CET565157731111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:09.100418091 CET577315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:09.100449085 CET577315651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:09.105757952 CET565157731111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:09.203417063 CET577325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:09.208776951 CET565157732111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:09.208900928 CET577325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:09.209089994 CET577325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:09.209108114 CET577325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:09.214385986 CET565157732111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:09.214411020 CET565157732111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.044349909 CET565157716111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.044437885 CET577165651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.044477940 CET577165651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.050241947 CET565157716111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.050843000 CET808057717111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.050965071 CET577178080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.050965071 CET577178080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.056677103 CET808057717111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.064232111 CET56515771865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.064312935 CET577185651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:10.064344883 CET577185651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:10.067471981 CET8057719111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.067572117 CET5771980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.067572117 CET5771980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.069674969 CET56515771865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.072912931 CET8057719111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.079598904 CET5773380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.081095934 CET565157732111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.081154108 CET577325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:10.081187963 CET577325651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:10.085825920 CET8057733111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.085910082 CET5773380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.086076975 CET5773380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.086076975 CET5773380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.086765051 CET565157732111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.091563940 CET8057733111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.091573954 CET8057733111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.094175100 CET80805772065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.094300985 CET577208080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:10.094300985 CET577208080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:10.099812031 CET80805772065.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.100271940 CET577345651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:10.100434065 CET577358080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.100563049 CET577365651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.106343031 CET56515773465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.106414080 CET577345651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:10.106431007 CET808057735111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.106442928 CET565157736111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.106498003 CET577365651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.106504917 CET577358080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.106853962 CET577345651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:10.106853962 CET577345651192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:10.106957912 CET577358080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.106986046 CET577358080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.107009888 CET577365651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.107009888 CET577365651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.113240957 CET56515773465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.113291979 CET56515773465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.113333941 CET808057735111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.113344908 CET808057735111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.113409996 CET565157736111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.113548040 CET565157736111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.148200035 CET808057722111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.148400068 CET577228080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.148400068 CET577228080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.153834105 CET808057722111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.155261040 CET565157721111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.155335903 CET577215651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.155385017 CET577215651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.157079935 CET80805772465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.157160997 CET577248080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:10.157330990 CET577248080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:10.158229113 CET8057723111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.158313990 CET5772380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.158539057 CET5772380192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.160797119 CET565157721111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.162836075 CET80805772465.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.164319038 CET8057723111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.192773104 CET577378080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.193886995 CET577405651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.193890095 CET5773980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.193954945 CET577388080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:10.194823027 CET577415651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:10.198679924 CET808057737111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.198753119 CET577378080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.198978901 CET577378080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.198978901 CET577378080192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.199947119 CET8057739111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.199959993 CET565157740111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.200036049 CET5773980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.200165033 CET80805773865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.200201035 CET577405651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.200227022 CET577388080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:10.200411081 CET5773980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.200411081 CET5773980192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.200437069 CET577405651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.200452089 CET577405651192.168.2.7111.90.140.51
                                                                                                Oct 29, 2024 16:56:10.200459957 CET577388080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:10.200474024 CET577388080192.168.2.765.21.245.7
                                                                                                Oct 29, 2024 16:56:10.200903893 CET565157741111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.200963974 CET577415651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:10.201131105 CET577415651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:10.201142073 CET577415651192.168.2.7111.90.140.34
                                                                                                Oct 29, 2024 16:56:10.204972029 CET808057737111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.205598116 CET808057737111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.206818104 CET8057739111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.206829071 CET8057739111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.206834078 CET565157740111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.206836939 CET565157740111.90.140.51192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.206844091 CET80805773865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.206846952 CET80805773865.21.245.7192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.207166910 CET565157741111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:10.207833052 CET565157741111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:11.046618938 CET565157741111.90.140.34192.168.2.7
                                                                                                Oct 29, 2024 16:56:11.046897888 CET577415651192.168.2.7111.90.140.34

                                                                                                UDP Packets

                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                Oct 29, 2024 16:51:49.473534107 CET6489653192.168.2.71.1.1.1
                                                                                                Oct 29, 2024 16:51:56.707535028 CET5513853192.168.2.71.1.1.1
                                                                                                Oct 29, 2024 16:52:03.560512066 CET53556371.1.1.1192.168.2.7

                                                                                                DNS Queries

                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                Oct 29, 2024 16:51:49.473534107 CET192.168.2.71.1.1.10x4b1Standard query (0)time.windows.comA (IP address)IN (0x0001)false
                                                                                                Oct 29, 2024 16:51:56.707535028 CET192.168.2.71.1.1.10x4b0Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                                                                                                DNS Answers

                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                Oct 29, 2024 16:51:49.481267929 CET1.1.1.1192.168.2.70x4b1No error (0)time.windows.comtwc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Oct 29, 2024 16:51:56.716756105 CET1.1.1.1192.168.2.70x4b0No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

                                                                                                HTTP Request Dependency Graph

                                                                                                • armmf.adobe.com

                                                                                                HTTP Packets

                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                0192.168.2.757246111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:52:14.665236950 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:52:14.665250063 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                1192.168.2.757270111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:52:23.289731026 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:52:23.289757013 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                2192.168.2.757280111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:52:23.390639067 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:52:23.390686989 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                3192.168.2.757283111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:52:23.486838102 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:52:23.486897945 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                4192.168.2.757296111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:52:31.994604111 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:52:31.994617939 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                5192.168.2.757299111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:52:32.113146067 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:52:32.113163948 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                6192.168.2.757313111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:52:40.629681110 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:52:40.629695892 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                7192.168.2.757338111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:52:49.180615902 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:52:49.180629015 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                8192.168.2.757354111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:52:57.802619934 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:52:57.802661896 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                9192.168.2.757372111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:53:06.443159103 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:53:06.443315983 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                10192.168.2.757395111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:53:14.979008913 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:53:14.979008913 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                11192.168.2.757409111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:53:23.512618065 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:53:23.512629986 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                12192.168.2.757422111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:53:32.044857979 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:53:32.044883013 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                13192.168.2.757443111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:53:40.620251894 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:53:40.620253086 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                14192.168.2.757459111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:53:49.988482952 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:53:49.988672018 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                15192.168.2.757464111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:53:50.003985882 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:53:50.004012108 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                16192.168.2.757482111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:53:58.515213966 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:53:58.515228033 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                17192.168.2.757512111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:54:07.413608074 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:54:07.413634062 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                18192.168.2.757539111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:54:15.899919033 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:54:15.899950981 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                19192.168.2.757555111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:54:24.674499989 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:54:24.674510002 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                20192.168.2.757570111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:54:33.290338993 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:54:33.290369034 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                21192.168.2.757587111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:54:41.823461056 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:54:41.823494911 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                22192.168.2.757591111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:54:41.928261995 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:54:41.928280115 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                23192.168.2.757605111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:54:50.373140097 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:54:50.373157024 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                24192.168.2.757608111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:54:50.458187103 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:54:50.458201885 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                25192.168.2.757621111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:54:59.233900070 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:54:59.233922005 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                26192.168.2.757641111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:55:07.855849981 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:55:07.855900049 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                27192.168.2.757654111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:55:16.389132977 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:55:16.389194012 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                28192.168.2.757669111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:55:25.035443068 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:55:25.035465002 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                29192.168.2.757685111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:55:33.571589947 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:55:33.571616888 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                30192.168.2.757699111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:55:42.091443062 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:55:42.091466904 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                31192.168.2.757714111.90.140.51808624C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:55:50.732460022 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:55:50.732460022 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                32192.168.2.757719111.90.140.5180
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:56:01.575073004 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:56:01.575073957 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                33192.168.2.757723111.90.140.5180
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:56:01.674158096 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:56:01.674168110 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                34192.168.2.757733111.90.140.5180
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:56:10.086076975 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:56:10.086076975 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                35192.168.2.757739111.90.140.5180
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Oct 29, 2024 16:56:10.200411081 CET6OUTData Raw: 00 00 00 07
                                                                                                Data Ascii:
                                                                                                Oct 29, 2024 16:56:10.200411081 CET6OUTData Raw: 00 00 00 03
                                                                                                Data Ascii:


                                                                                                HTTPS Proxied Packets

                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                0192.168.2.74974296.6.160.1894437696C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-10-29 15:52:00 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                                                                                                Host: armmf.adobe.com
                                                                                                Connection: keep-alive
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                                                                Sec-Fetch-Site: same-origin
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                If-None-Match: "78-5faa31cce96da"
                                                                                                If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                                                                                                2024-10-29 15:52:01 UTC198INHTTP/1.1 304 Not Modified
                                                                                                Content-Type: text/plain; charset=UTF-8
                                                                                                Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                                                                                ETag: "78-5faa31cce96da"
                                                                                                Date: Tue, 29 Oct 2024 15:52:01 GMT
                                                                                                Connection: close


                                                                                                Statistics

                                                                                                CPU Usage

                                                                                                Click to jump to process

                                                                                                Memory Usage

                                                                                                Click to jump to process

                                                                                                High Level Behavior Distribution

                                                                                                Click to dive into process behavior distribution

                                                                                                Behavior

                                                                                                Click to jump to process

                                                                                                System Behavior

                                                                                                General

                                                                                                Target ID:0
                                                                                                Start time:11:51:43
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\svchost.exe -k UnistackSvcGroup
                                                                                                Imagebase:0x7ff7b4ee0000
                                                                                                File size:55'320 bytes
                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:1
                                                                                                Start time:11:51:43
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                Imagebase:0x7ff7b4ee0000
                                                                                                File size:55'320 bytes
                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:2
                                                                                                Start time:11:51:43
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
                                                                                                Imagebase:0x7ff7b4ee0000
                                                                                                File size:55'320 bytes
                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:3
                                                                                                Start time:11:51:43
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
                                                                                                Imagebase:0x7ff7b4ee0000
                                                                                                File size:55'320 bytes
                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:4
                                                                                                Start time:11:51:44
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Users\user\Desktop\J4zGPhVRV3.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Users\user\Desktop\J4zGPhVRV3.exe"
                                                                                                Imagebase:0x7ff69e570000
                                                                                                File size:25'298'721 bytes
                                                                                                MD5 hash:3BCA758CE1D5C3858AC8E10A2A38B514
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:6
                                                                                                Start time:11:51:46
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user~1\AppData\Local\Temp\file.pdf"
                                                                                                Imagebase:0x7ff702560000
                                                                                                File size:5'641'176 bytes
                                                                                                MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:7
                                                                                                Start time:11:51:46
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user~1\AppData\Local\Temp\winrar.msi" /qn
                                                                                                Imagebase:0x7ff6406d0000
                                                                                                File size:69'632 bytes
                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:8
                                                                                                Start time:11:51:46
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                Imagebase:0xa30000
                                                                                                File size:69'632 bytes
                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:9
                                                                                                Start time:11:51:47
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                                                Imagebase:0x7ff6c3ff0000
                                                                                                File size:3'581'912 bytes
                                                                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:10
                                                                                                Start time:11:51:47
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                Imagebase:0x7ff7b4ee0000
                                                                                                File size:55'320 bytes
                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:11
                                                                                                Start time:11:51:47
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1740,i,9168305141304841160,3939740794304371731,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                                                Imagebase:0x7ff6c3ff0000
                                                                                                File size:3'581'912 bytes
                                                                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:12
                                                                                                Start time:11:51:47
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\svchost.exe -k LocalService -s W32Time
                                                                                                Imagebase:0x7ff7b4ee0000
                                                                                                File size:55'320 bytes
                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:13
                                                                                                Start time:11:51:49
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 454D404CF2CD6CFC0CCDA935FCCB9601
                                                                                                Imagebase:0x200000
                                                                                                File size:59'904 bytes
                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:16
                                                                                                Start time:11:51:58
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" -msi_copy "C:\Users\user~1\AppData\Local\Temp\winrar.msi"
                                                                                                Imagebase:0x620000
                                                                                                File size:11'149'576 bytes
                                                                                                MD5 hash:2F0D3D1ABD463AC64AA4E743B50AA055
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:Borland Delphi
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000010.00000000.1422949051.00000000010D9000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe, Author: Joe Security
                                                                                                • Rule: MALWARE_Win_RemoteUtilitiesRAT, Description: RemoteUtilitiesRAT RAT payload, Source: C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe, Author: ditekSHen
                                                                                                Antivirus matches:
                                                                                                • Detection: 26%, ReversingLabs
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:18
                                                                                                Start time:11:52:03
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /silentinstall
                                                                                                Imagebase:0x4f0000
                                                                                                File size:21'972'744 bytes
                                                                                                MD5 hash:4251BB135CC9A31DD42F0BE1FBC30A86
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:Borland Delphi
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000012.00000000.1478283984.00000000019E5000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe, Author: Joe Security
                                                                                                • Rule: MALWARE_Win_RemoteUtilitiesRAT, Description: RemoteUtilitiesRAT RAT payload, Source: C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe, Author: ditekSHen
                                                                                                Antivirus matches:
                                                                                                • Detection: 26%, ReversingLabs
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:19
                                                                                                Start time:13:01:27
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -firewall
                                                                                                Imagebase:0x4f0000
                                                                                                File size:21'972'744 bytes
                                                                                                MD5 hash:4251BB135CC9A31DD42F0BE1FBC30A86
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:Borland Delphi
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:20
                                                                                                Start time:13:01:29
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /start
                                                                                                Imagebase:0x4f0000
                                                                                                File size:21'972'744 bytes
                                                                                                MD5 hash:4251BB135CC9A31DD42F0BE1FBC30A86
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:Borland Delphi
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:21
                                                                                                Start time:13:01:30
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -service
                                                                                                Imagebase:0x4f0000
                                                                                                File size:21'972'744 bytes
                                                                                                MD5 hash:4251BB135CC9A31DD42F0BE1FBC30A86
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:Borland Delphi
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000015.00000002.3800200492.00000000041C8000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000015.00000003.1568447250.0000000005E6A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000015.00000002.3759250551.00000000026C8000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:22
                                                                                                Start time:13:01:31
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -firewall
                                                                                                Imagebase:0x4f0000
                                                                                                File size:21'972'744 bytes
                                                                                                MD5 hash:4251BB135CC9A31DD42F0BE1FBC30A86
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:Borland Delphi
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:23
                                                                                                Start time:13:01:32
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe"
                                                                                                Imagebase:0x620000
                                                                                                File size:11'149'576 bytes
                                                                                                MD5 hash:2F0D3D1ABD463AC64AA4E743B50AA055
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:Borland Delphi
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000017.00000002.3745548454.000000000329A000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000017.00000002.3745548454.0000000003276000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:24
                                                                                                Start time:13:01:32
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" /tray
                                                                                                Imagebase:0x620000
                                                                                                File size:11'149'576 bytes
                                                                                                MD5 hash:2F0D3D1ABD463AC64AA4E743B50AA055
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:Borland Delphi
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000018.00000002.3760276212.0000000004DF8000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000018.00000002.3748231450.000000000325A000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000018.00000002.3748231450.0000000003228000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000018.00000002.3760276212.0000000004E3C000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:25
                                                                                                Start time:13:01:41
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" /tray
                                                                                                Imagebase:0x620000
                                                                                                File size:11'149'576 bytes
                                                                                                MD5 hash:2F0D3D1ABD463AC64AA4E743B50AA055
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:Borland Delphi
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:26
                                                                                                Start time:13:01:48
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                                                                Imagebase:0x7ff7b4ee0000
                                                                                                File size:55'320 bytes
                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:27
                                                                                                Start time:13:02:03
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                Imagebase:0x7ff729330000
                                                                                                File size:468'120 bytes
                                                                                                MD5 hash:B3676839B2EE96983F9ED735CD044159
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:28
                                                                                                Start time:13:02:03
                                                                                                Start date:29/10/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff75da10000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Disassembly

                                                                                                Reset < >

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:11.7%
                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                  Signature Coverage:26.4%
                                                                                                  Total number of Nodes:2000
                                                                                                  Total number of Limit Nodes:27
                                                                                                  execution_graph 26465 7ff69e5a11cf 26466 7ff69e5a1102 26465->26466 26469 7ff69e5a1900 26466->26469 26495 7ff69e5a1558 26469->26495 26472 7ff69e5a198b 26473 7ff69e5a1868 DloadReleaseSectionWriteAccess 6 API calls 26472->26473 26474 7ff69e5a1998 RaiseException 26473->26474 26488 7ff69e5a1141 26474->26488 26475 7ff69e5a1a3d LoadLibraryExA 26476 7ff69e5a1a54 GetLastError 26475->26476 26477 7ff69e5a1aa9 26475->26477 26482 7ff69e5a1a7e 26476->26482 26483 7ff69e5a1a69 26476->26483 26478 7ff69e5a1abd 26477->26478 26484 7ff69e5a1ab4 FreeLibrary 26477->26484 26480 7ff69e5a1b1b GetProcAddress 26478->26480 26481 7ff69e5a1b85 26478->26481 26479 7ff69e5a19b4 26479->26475 26479->26477 26479->26478 26479->26481 26480->26481 26487 7ff69e5a1b30 GetLastError 26480->26487 26503 7ff69e5a1868 26481->26503 26486 7ff69e5a1868 DloadReleaseSectionWriteAccess 6 API calls 26482->26486 26483->26477 26483->26482 26484->26478 26489 7ff69e5a1a8b RaiseException 26486->26489 26490 7ff69e5a1b45 26487->26490 26489->26488 26490->26481 26491 7ff69e5a1868 DloadReleaseSectionWriteAccess 6 API calls 26490->26491 26492 7ff69e5a1b67 RaiseException 26491->26492 26493 7ff69e5a1558 _com_raise_error 6 API calls 26492->26493 26494 7ff69e5a1b81 26493->26494 26494->26481 26496 7ff69e5a156e 26495->26496 26502 7ff69e5a15d3 26495->26502 26511 7ff69e5a1604 26496->26511 26499 7ff69e5a15ce 26501 7ff69e5a1604 DloadReleaseSectionWriteAccess 3 API calls 26499->26501 26501->26502 26502->26472 26502->26479 26504 7ff69e5a18d1 26503->26504 26505 7ff69e5a1878 26503->26505 26504->26488 26506 7ff69e5a1604 DloadReleaseSectionWriteAccess 3 API calls 26505->26506 26507 7ff69e5a187d 26506->26507 26508 7ff69e5a18cc 26507->26508 26509 7ff69e5a17d8 DloadProtectSection 3 API calls 26507->26509 26510 7ff69e5a1604 DloadReleaseSectionWriteAccess 3 API calls 26508->26510 26509->26508 26510->26504 26512 7ff69e5a161f 26511->26512 26513 7ff69e5a1573 26511->26513 26512->26513 26514 7ff69e5a1624 GetModuleHandleW 26512->26514 26513->26499 26518 7ff69e5a17d8 26513->26518 26515 7ff69e5a163e GetProcAddress 26514->26515 26516 7ff69e5a1639 26514->26516 26515->26516 26517 7ff69e5a1653 GetProcAddress 26515->26517 26516->26513 26517->26516 26519 7ff69e5a17fa DloadProtectSection 26518->26519 26520 7ff69e5a183a VirtualProtect 26519->26520 26521 7ff69e5a1802 26519->26521 26523 7ff69e5a16a4 VirtualQuery GetSystemInfo 26519->26523 26520->26521 26521->26499 26523->26520 26524 7ff69e5a1491 26525 7ff69e5a13c9 26524->26525 26526 7ff69e5a1900 _com_raise_error 14 API calls 26525->26526 26527 7ff69e5a1408 26526->26527 26528 7ff69e59b190 26871 7ff69e57255c 26528->26871 26530 7ff69e59b1db 26531 7ff69e59b1ef 26530->26531 26532 7ff69e59be93 26530->26532 26579 7ff69e59b20c 26530->26579 26535 7ff69e59b1ff 26531->26535 26536 7ff69e59b2db 26531->26536 26531->26579 27156 7ff69e59f390 26532->27156 26540 7ff69e59b207 26535->26540 26541 7ff69e59b2a9 26535->26541 26543 7ff69e59b391 26536->26543 26548 7ff69e59b2f5 26536->26548 26538 7ff69e59bec9 26545 7ff69e59bef0 GetDlgItem SendMessageW 26538->26545 26546 7ff69e59bed5 SendDlgItemMessageW 26538->26546 26539 7ff69e59beba SendMessageW 26539->26538 26551 7ff69e58aae0 48 API calls 26540->26551 26540->26579 26547 7ff69e59b2cb EndDialog 26541->26547 26541->26579 26879 7ff69e5722bc GetDlgItem 26543->26879 27175 7ff69e5862dc GetCurrentDirectoryW 26545->27175 26546->26545 26547->26579 26552 7ff69e58aae0 48 API calls 26548->26552 26555 7ff69e59b236 26551->26555 26556 7ff69e59b313 SetDlgItemTextW 26552->26556 26553 7ff69e59b3b1 EndDialog 26732 7ff69e59b3da 26553->26732 26554 7ff69e59bf47 GetDlgItem 27185 7ff69e572520 26554->27185 27189 7ff69e571ec4 34 API calls _handle_error 26555->27189 26560 7ff69e59b326 26556->26560 26559 7ff69e59b408 GetDlgItem 26564 7ff69e59b44f SetFocus 26559->26564 26565 7ff69e59b422 SendMessageW SendMessageW 26559->26565 26570 7ff69e59b340 GetMessageW 26560->26570 26560->26579 26563 7ff69e59b246 26569 7ff69e59b25c 26563->26569 27190 7ff69e57250c 26563->27190 26566 7ff69e59b4f2 26564->26566 26567 7ff69e59b465 26564->26567 26565->26564 26893 7ff69e578d04 26566->26893 26572 7ff69e58aae0 48 API calls 26567->26572 26569->26579 26585 7ff69e59c363 26569->26585 26571 7ff69e59b35e IsDialogMessageW 26570->26571 26570->26579 26571->26560 26580 7ff69e59b373 TranslateMessage DispatchMessageW 26571->26580 26581 7ff69e59b46f 26572->26581 26573 7ff69e59bcc5 26582 7ff69e58aae0 48 API calls 26573->26582 26574 7ff69e571fa0 31 API calls 26574->26579 26578 7ff69e59b52c 26903 7ff69e59ef80 26578->26903 27241 7ff69e5a2320 26579->27241 26580->26560 27193 7ff69e57129c 26581->27193 26586 7ff69e59bcd6 SetDlgItemTextW 26582->26586 27250 7ff69e5a7904 26585->27250 26589 7ff69e58aae0 48 API calls 26586->26589 26600 7ff69e59bd08 26589->26600 26595 7ff69e59c368 26606 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26595->26606 26598 7ff69e59b498 26604 7ff69e59f0a4 24 API calls 26598->26604 26611 7ff69e57129c 33 API calls 26600->26611 26609 7ff69e59b4a5 26604->26609 26612 7ff69e59c36e 26606->26612 26609->26595 26631 7ff69e59b4e8 26609->26631 26639 7ff69e59bd31 26611->26639 26623 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26612->26623 26622 7ff69e59bdda 26632 7ff69e58aae0 48 API calls 26622->26632 26633 7ff69e59c374 26623->26633 26627 7ff69e571fa0 31 API calls 26637 7ff69e59b586 26627->26637 26630 7ff69e59b5ec 26642 7ff69e59b61a 26630->26642 27204 7ff69e5832a8 26630->27204 26631->26630 27203 7ff69e59fa80 33 API calls 2 library calls 26631->27203 26644 7ff69e59bde4 26632->26644 26645 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26633->26645 26637->26612 26637->26631 26639->26622 26650 7ff69e57129c 33 API calls 26639->26650 26941 7ff69e582f58 26642->26941 26655 7ff69e57129c 33 API calls 26644->26655 26649 7ff69e59c37a 26645->26649 26662 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26649->26662 26656 7ff69e59bd7f 26650->26656 26661 7ff69e59be0d 26655->26661 26664 7ff69e58aae0 48 API calls 26656->26664 26659 7ff69e59b634 GetLastError 26660 7ff69e59b64c 26659->26660 26953 7ff69e587fc4 26660->26953 26678 7ff69e57129c 33 API calls 26661->26678 26667 7ff69e59c380 26662->26667 26668 7ff69e59bd8a 26664->26668 26666 7ff69e59b60e 27207 7ff69e599d90 12 API calls _handle_error 26666->27207 26679 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26667->26679 26674 7ff69e571150 33 API calls 26668->26674 26672 7ff69e59b65e 26676 7ff69e59b665 GetLastError 26672->26676 26677 7ff69e59b674 26672->26677 26680 7ff69e59bda2 26674->26680 26676->26677 26682 7ff69e59b71c 26677->26682 26686 7ff69e59b72b 26677->26686 26687 7ff69e59b68b GetTickCount 26677->26687 26683 7ff69e59be4e 26678->26683 26684 7ff69e59c386 26679->26684 27237 7ff69e572034 26680->27237 26682->26686 26702 7ff69e59bb79 26682->26702 26695 7ff69e571fa0 31 API calls 26683->26695 26688 7ff69e57255c 61 API calls 26684->26688 26692 7ff69e59ba50 26686->26692 27208 7ff69e586454 26686->27208 26956 7ff69e574228 26687->26956 26691 7ff69e59c3e4 26688->26691 26696 7ff69e59c3e8 26691->26696 26705 7ff69e59c489 GetDlgItem SetFocus 26691->26705 26734 7ff69e59c3fd 26691->26734 26692->26553 27232 7ff69e57bd0c 33 API calls 26692->27232 26693 7ff69e59bdbe 26700 7ff69e571fa0 31 API calls 26693->26700 26703 7ff69e59be78 26695->26703 26712 7ff69e5a2320 _handle_error 8 API calls 26696->26712 26708 7ff69e59bdcc 26700->26708 26718 7ff69e58aae0 48 API calls 26702->26718 26710 7ff69e571fa0 31 API calls 26703->26710 26704 7ff69e59ba75 27233 7ff69e571150 26704->27233 26716 7ff69e59c4ba 26705->26716 26707 7ff69e59b74e 27220 7ff69e58b914 102 API calls 26707->27220 26715 7ff69e571fa0 31 API calls 26708->26715 26709 7ff69e59b6ba 26966 7ff69e571fa0 26709->26966 26719 7ff69e59be83 26710->26719 26721 7ff69e59ca97 26712->26721 26715->26622 26723 7ff69e57129c 33 API calls 26716->26723 26725 7ff69e59bba7 SetDlgItemTextW 26718->26725 26726 7ff69e571fa0 31 API calls 26719->26726 26720 7ff69e59ba8a 26727 7ff69e58aae0 48 API calls 26720->26727 26722 7ff69e59b768 26729 7ff69e58da98 48 API calls 26722->26729 26730 7ff69e59c4cc 26723->26730 26724 7ff69e59b6c8 26971 7ff69e582134 26724->26971 26731 7ff69e572534 26725->26731 26726->26732 26733 7ff69e59ba97 26727->26733 26728 7ff69e59c434 SendDlgItemMessageW 26735 7ff69e59c454 26728->26735 26736 7ff69e59c45d EndDialog 26728->26736 26737 7ff69e59b7aa GetCommandLineW 26729->26737 27255 7ff69e5880d8 33 API calls 26730->27255 26739 7ff69e59bbc5 SetDlgItemTextW GetDlgItem 26731->26739 26732->26574 26740 7ff69e571150 33 API calls 26733->26740 26734->26696 26734->26728 26735->26736 26736->26696 26741 7ff69e59b84f 26737->26741 26742 7ff69e59b869 26737->26742 26746 7ff69e59bbf0 GetWindowLongPtrW SetWindowLongPtrW 26739->26746 26747 7ff69e59bc13 26739->26747 26748 7ff69e59baaa 26740->26748 27221 7ff69e5720b0 26741->27221 27225 7ff69e59ab54 33 API calls _handle_error 26742->27225 26743 7ff69e59c4e0 26749 7ff69e57250c SetDlgItemTextW 26743->26749 26746->26747 26991 7ff69e59ce88 26747->26991 26753 7ff69e571fa0 31 API calls 26748->26753 26755 7ff69e59c4f4 26749->26755 26750 7ff69e59b87a 27226 7ff69e59ab54 33 API calls _handle_error 26750->27226 26760 7ff69e59bab5 26753->26760 26765 7ff69e59c526 SendDlgItemMessageW FindFirstFileW 26755->26765 26757 7ff69e59b6f5 GetLastError 26758 7ff69e59b704 26757->26758 26987 7ff69e58204c 26758->26987 26764 7ff69e571fa0 31 API calls 26760->26764 26761 7ff69e59b88b 27227 7ff69e59ab54 33 API calls _handle_error 26761->27227 26763 7ff69e59ce88 160 API calls 26768 7ff69e59bc3c 26763->26768 26769 7ff69e59bac3 26764->26769 26770 7ff69e59c57b 26765->26770 26863 7ff69e59ca04 26765->26863 27141 7ff69e59f974 26768->27141 26779 7ff69e58aae0 48 API calls 26769->26779 26780 7ff69e58aae0 48 API calls 26770->26780 26771 7ff69e59b89c 27228 7ff69e58b9b4 102 API calls 26771->27228 26776 7ff69e59b8b3 27229 7ff69e59fbdc 33 API calls 26776->27229 26777 7ff69e59ca81 26777->26696 26778 7ff69e59ce88 160 API calls 26794 7ff69e59bc6a 26778->26794 26783 7ff69e59badb 26779->26783 26784 7ff69e59c59e 26780->26784 26782 7ff69e59caa9 26786 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26782->26786 26795 7ff69e57129c 33 API calls 26783->26795 26796 7ff69e57129c 33 API calls 26784->26796 26785 7ff69e59b8d2 CreateFileMappingW 26788 7ff69e59b911 MapViewOfFile 26785->26788 26789 7ff69e59b953 ShellExecuteExW 26785->26789 26790 7ff69e59caae 26786->26790 26787 7ff69e59bc96 27155 7ff69e572298 GetDlgItem EnableWindow 26787->27155 27230 7ff69e5a3640 26788->27230 26811 7ff69e59b974 26789->26811 26797 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26790->26797 26792 7ff69e59b3f5 26792->26553 26792->26573 26794->26787 26798 7ff69e59ce88 160 API calls 26794->26798 26803 7ff69e59bb04 26795->26803 26799 7ff69e59c5cd 26796->26799 26800 7ff69e59cab4 26797->26800 26798->26787 26801 7ff69e571150 33 API calls 26799->26801 26806 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26800->26806 26804 7ff69e59c5e8 26801->26804 26802 7ff69e59bb5a 26807 7ff69e571fa0 31 API calls 26802->26807 26803->26649 26803->26802 27256 7ff69e57e164 33 API calls 2 library calls 26804->27256 26805 7ff69e59b9c3 26812 7ff69e59b9ef 26805->26812 26813 7ff69e59b9dc UnmapViewOfFile CloseHandle 26805->26813 26809 7ff69e59caba 26806->26809 26807->26553 26816 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26809->26816 26810 7ff69e59c5ff 26814 7ff69e571fa0 31 API calls 26810->26814 26811->26805 26820 7ff69e59b9b1 Sleep 26811->26820 26812->26633 26815 7ff69e59ba25 26812->26815 26813->26812 26819 7ff69e59c60c 26814->26819 26818 7ff69e571fa0 31 API calls 26815->26818 26817 7ff69e59cac0 26816->26817 26822 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26817->26822 26821 7ff69e59ba42 26818->26821 26819->26790 26824 7ff69e571fa0 31 API calls 26819->26824 26820->26805 26820->26811 26823 7ff69e571fa0 31 API calls 26821->26823 26825 7ff69e59cac6 26822->26825 26823->26692 26826 7ff69e59c673 26824->26826 26828 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26825->26828 26827 7ff69e57250c SetDlgItemTextW 26826->26827 26829 7ff69e59c687 FindClose 26827->26829 26832 7ff69e59cacc 26828->26832 26830 7ff69e59c6a3 26829->26830 26831 7ff69e59c797 SendDlgItemMessageW 26829->26831 27257 7ff69e59a2cc 10 API calls _handle_error 26830->27257 26834 7ff69e59c7cb 26831->26834 26837 7ff69e58aae0 48 API calls 26834->26837 26835 7ff69e59c6c6 26836 7ff69e58aae0 48 API calls 26835->26836 26838 7ff69e59c6cf 26836->26838 26839 7ff69e59c7d8 26837->26839 26840 7ff69e58da98 48 API calls 26838->26840 26841 7ff69e57129c 33 API calls 26839->26841 26844 7ff69e59c6ec memcpy_s 26840->26844 26843 7ff69e59c807 26841->26843 26842 7ff69e571fa0 31 API calls 26845 7ff69e59c783 26842->26845 26846 7ff69e571150 33 API calls 26843->26846 26844->26800 26844->26842 26847 7ff69e57250c SetDlgItemTextW 26845->26847 26848 7ff69e59c822 26846->26848 26847->26831 27258 7ff69e57e164 33 API calls 2 library calls 26848->27258 26850 7ff69e59c839 26851 7ff69e571fa0 31 API calls 26850->26851 26852 7ff69e59c845 memcpy_s 26851->26852 26853 7ff69e571fa0 31 API calls 26852->26853 26854 7ff69e59c87f 26853->26854 26855 7ff69e571fa0 31 API calls 26854->26855 26856 7ff69e59c88c 26855->26856 26856->26809 26857 7ff69e571fa0 31 API calls 26856->26857 26858 7ff69e59c8f3 26857->26858 26859 7ff69e57250c SetDlgItemTextW 26858->26859 26860 7ff69e59c907 26859->26860 26860->26863 27259 7ff69e59a2cc 10 API calls _handle_error 26860->27259 26862 7ff69e59c932 26864 7ff69e58aae0 48 API calls 26862->26864 26863->26696 26863->26777 26863->26782 26863->26825 26865 7ff69e59c93c 26864->26865 26866 7ff69e58da98 48 API calls 26865->26866 26869 7ff69e59c959 memcpy_s 26866->26869 26867 7ff69e571fa0 31 API calls 26868 7ff69e59c9f0 26867->26868 26870 7ff69e57250c SetDlgItemTextW 26868->26870 26869->26817 26869->26867 26870->26863 26872 7ff69e57256a 26871->26872 26873 7ff69e5725d0 26871->26873 26872->26873 27260 7ff69e58a4ac 26872->27260 26873->26530 26875 7ff69e57258f 26875->26873 26876 7ff69e5725a4 GetDlgItem 26875->26876 26876->26873 26877 7ff69e5725b7 26876->26877 26877->26873 26878 7ff69e5725be SetWindowTextW 26877->26878 26878->26873 26880 7ff69e5722fc 26879->26880 26881 7ff69e572334 26879->26881 26884 7ff69e57129c 33 API calls 26880->26884 27359 7ff69e5723f8 GetWindowTextLengthW 26881->27359 26883 7ff69e57232a memcpy_s 26886 7ff69e571fa0 31 API calls 26883->26886 26888 7ff69e572389 26883->26888 26884->26883 26885 7ff69e5723c8 26887 7ff69e5a2320 _handle_error 8 API calls 26885->26887 26886->26888 26889 7ff69e5723dd 26887->26889 26888->26885 26890 7ff69e5723f0 26888->26890 26889->26553 26889->26559 26889->26792 26891 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26890->26891 26892 7ff69e5723f5 26891->26892 26894 7ff69e578d34 26893->26894 26901 7ff69e578de8 26893->26901 26897 7ff69e578de3 26894->26897 26898 7ff69e578d91 26894->26898 26899 7ff69e578d42 memcpy_s 26894->26899 27403 7ff69e571f80 33 API calls 3 library calls 26897->27403 26898->26899 26902 7ff69e5a21d0 33 API calls 26898->26902 26899->26578 27404 7ff69e572004 33 API calls std::_Xinvalid_argument 26901->27404 26902->26899 26907 7ff69e59efb0 26903->26907 26904 7ff69e59efd7 26905 7ff69e5a2320 _handle_error 8 API calls 26904->26905 26906 7ff69e59b537 26905->26906 26917 7ff69e58aae0 26906->26917 26907->26904 27405 7ff69e57bd0c 33 API calls 26907->27405 26909 7ff69e59f02a 26910 7ff69e571150 33 API calls 26909->26910 26911 7ff69e59f03f 26910->26911 26913 7ff69e571fa0 31 API calls 26911->26913 26915 7ff69e59f04f memcpy_s 26911->26915 26912 7ff69e571fa0 31 API calls 26914 7ff69e59f076 26912->26914 26913->26915 26916 7ff69e571fa0 31 API calls 26914->26916 26915->26912 26916->26904 26918 7ff69e58aaf3 26917->26918 27406 7ff69e589774 26918->27406 26921 7ff69e58ab86 26924 7ff69e58da98 26921->26924 26922 7ff69e58ab58 LoadStringW 26922->26921 26923 7ff69e58ab71 LoadStringW 26922->26923 26923->26921 27425 7ff69e58d874 26924->27425 26927 7ff69e59f0a4 27459 7ff69e59ae1c PeekMessageW 26927->27459 26930 7ff69e59f143 SendMessageW SendMessageW 26932 7ff69e59f1a4 SendMessageW 26930->26932 26933 7ff69e59f189 26930->26933 26931 7ff69e59f0f5 26934 7ff69e59f101 ShowWindow SendMessageW SendMessageW 26931->26934 26935 7ff69e59f1c3 26932->26935 26936 7ff69e59f1c6 SendMessageW SendMessageW 26932->26936 26933->26932 26934->26930 26935->26936 26937 7ff69e59f1f3 SendMessageW 26936->26937 26938 7ff69e59f218 SendMessageW 26936->26938 26937->26938 26939 7ff69e5a2320 _handle_error 8 API calls 26938->26939 26940 7ff69e59b578 26939->26940 26940->26627 26945 7ff69e582f8e 26941->26945 26948 7ff69e58309d 26941->26948 26942 7ff69e5a2320 _handle_error 8 API calls 26943 7ff69e5830b3 26942->26943 26943->26659 26943->26660 26944 7ff69e583077 26946 7ff69e583684 56 API calls 26944->26946 26944->26948 26945->26944 26947 7ff69e57129c 33 API calls 26945->26947 26950 7ff69e5830c8 26945->26950 27464 7ff69e583684 26945->27464 26946->26948 26947->26945 26948->26942 26951 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26950->26951 26952 7ff69e5830cd 26951->26952 26954 7ff69e587fd2 SetCurrentDirectoryW 26953->26954 26955 7ff69e587fcf 26953->26955 26954->26672 26955->26954 26957 7ff69e574255 26956->26957 26958 7ff69e57426a 26957->26958 26959 7ff69e57129c 33 API calls 26957->26959 26960 7ff69e5a2320 _handle_error 8 API calls 26958->26960 26959->26958 26961 7ff69e5742a1 26960->26961 26962 7ff69e573c84 26961->26962 26963 7ff69e573cab 26962->26963 27597 7ff69e57710c 26963->27597 26965 7ff69e573cbb memcpy_s 26965->26709 26967 7ff69e571fb3 26966->26967 26968 7ff69e571fdc 26966->26968 26967->26968 26969 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26967->26969 26968->26724 26970 7ff69e572000 26969->26970 26974 7ff69e58216a 26971->26974 26972 7ff69e58219e 26975 7ff69e58227f 26972->26975 26977 7ff69e586a0c 49 API calls 26972->26977 26973 7ff69e5821b1 CreateFileW 26973->26972 26974->26972 26974->26973 26976 7ff69e5822af 26975->26976 26980 7ff69e5720b0 33 API calls 26975->26980 26978 7ff69e5a2320 _handle_error 8 API calls 26976->26978 26979 7ff69e582209 26977->26979 26981 7ff69e5822c4 26978->26981 26982 7ff69e58220d CreateFileW 26979->26982 26983 7ff69e582246 26979->26983 26980->26976 26981->26757 26981->26758 26982->26983 26983->26975 26984 7ff69e5822d8 26983->26984 26985 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 26984->26985 26986 7ff69e5822dd 26985->26986 26988 7ff69e582066 26987->26988 26989 7ff69e582072 26987->26989 26988->26989 27609 7ff69e5820d0 26988->27609 27616 7ff69e59aa08 26991->27616 26993 7ff69e59d1ee 26994 7ff69e571fa0 31 API calls 26993->26994 26995 7ff69e59d1f7 26994->26995 26996 7ff69e5a2320 _handle_error 8 API calls 26995->26996 26998 7ff69e59bc2b 26996->26998 26997 7ff69e58d22c 33 API calls 27100 7ff69e59cf03 memcpy_s 26997->27100 26998->26763 26999 7ff69e59eefa 27749 7ff69e57704c 47 API calls memcpy_s 26999->27749 27002 7ff69e59ef00 27750 7ff69e57704c 47 API calls memcpy_s 27002->27750 27005 7ff69e59eeee 27007 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27005->27007 27006 7ff69e59ef06 27008 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27006->27008 27009 7ff69e59eef4 27007->27009 27010 7ff69e59ef0c 27008->27010 27748 7ff69e57704c 47 API calls memcpy_s 27009->27748 27013 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27010->27013 27015 7ff69e59ef12 27013->27015 27014 7ff69e59ee4a 27016 7ff69e59eed2 27014->27016 27017 7ff69e5720b0 33 API calls 27014->27017 27020 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27015->27020 27746 7ff69e571f80 33 API calls 3 library calls 27016->27746 27022 7ff69e59ee77 27017->27022 27018 7ff69e59eee8 27747 7ff69e572004 33 API calls std::_Xinvalid_argument 27018->27747 27019 7ff69e5713a4 33 API calls 27023 7ff69e59dc3a GetTempPathW 27019->27023 27024 7ff69e59ef18 27020->27024 27745 7ff69e59abe8 33 API calls 3 library calls 27022->27745 27023->27100 27032 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27024->27032 27025 7ff69e5862dc 35 API calls 27025->27100 27028 7ff69e5abb8c 43 API calls 27028->27100 27030 7ff69e59ee8d 27038 7ff69e571fa0 31 API calls 27030->27038 27042 7ff69e59eea4 memcpy_s 27030->27042 27031 7ff69e572520 SetWindowTextW 27031->27100 27036 7ff69e59ef1e 27032->27036 27034 7ff69e578d04 33 API calls 27034->27100 27043 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27036->27043 27037 7ff69e59e7f3 27037->27016 27037->27018 27041 7ff69e5a21d0 33 API calls 27037->27041 27051 7ff69e59e83b memcpy_s 27037->27051 27038->27042 27039 7ff69e571fa0 31 API calls 27039->27016 27040 7ff69e572034 33 API calls 27040->27100 27041->27051 27042->27039 27046 7ff69e59ef24 27043->27046 27044 7ff69e5720b0 33 API calls 27044->27100 27045 7ff69e59aa08 33 API calls 27045->27100 27049 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27046->27049 27048 7ff69e59ef6c 27753 7ff69e572004 33 API calls std::_Xinvalid_argument 27048->27753 27055 7ff69e59ef2a 27049->27055 27050 7ff69e583f30 54 API calls 27050->27100 27059 7ff69e5720b0 33 API calls 27051->27059 27105 7ff69e59eb8f 27051->27105 27053 7ff69e571fa0 31 API calls 27053->27014 27054 7ff69e59ef78 27755 7ff69e572004 33 API calls std::_Xinvalid_argument 27054->27755 27064 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27055->27064 27056 7ff69e59ef72 27754 7ff69e571f80 33 API calls 3 library calls 27056->27754 27058 7ff69e59ef66 27752 7ff69e571f80 33 API calls 3 library calls 27058->27752 27065 7ff69e59e963 27059->27065 27063 7ff69e59ec2a 27063->27048 27063->27058 27072 7ff69e59ec72 memcpy_s 27063->27072 27077 7ff69e59ed3b memcpy_s 27063->27077 27079 7ff69e5a21d0 33 API calls 27063->27079 27070 7ff69e59ef30 27064->27070 27078 7ff69e57129c 33 API calls 27065->27078 27113 7ff69e59ef60 27065->27113 27068 7ff69e59ed40 27068->27054 27068->27056 27068->27077 27083 7ff69e5a21d0 33 API calls 27068->27083 27069 7ff69e57e164 33 API calls 27069->27100 27084 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27070->27084 27071 7ff69e583d34 51 API calls 27071->27100 27659 7ff69e59f4e0 27072->27659 27074 7ff69e59d5e9 GetDlgItem 27080 7ff69e572520 SetWindowTextW 27074->27080 27076 7ff69e5999c8 31 API calls 27076->27100 27077->27053 27085 7ff69e59e9a6 27078->27085 27079->27072 27086 7ff69e59d608 SendMessageW 27080->27086 27083->27077 27087 7ff69e59ef36 27084->27087 27741 7ff69e58d22c 27085->27741 27086->27100 27093 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27087->27093 27090 7ff69e585b60 53 API calls 27090->27100 27091 7ff69e572674 31 API calls 27091->27100 27092 7ff69e58dc2c 33 API calls 27092->27100 27096 7ff69e59ef3c 27093->27096 27094 7ff69e59d63c SendMessageW 27094->27100 27095 7ff69e571fa0 31 API calls 27095->27100 27102 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27096->27102 27100->26993 27100->26997 27100->26999 27100->27002 27100->27005 27100->27006 27100->27009 27100->27010 27100->27014 27100->27015 27100->27019 27100->27024 27100->27025 27100->27028 27100->27031 27100->27034 27100->27036 27100->27037 27100->27040 27100->27044 27100->27045 27100->27046 27100->27050 27100->27055 27100->27069 27100->27070 27100->27071 27100->27076 27100->27087 27100->27090 27100->27091 27100->27092 27100->27094 27100->27095 27100->27096 27106 7ff69e59ef42 27100->27106 27108 7ff69e574228 33 API calls 27100->27108 27114 7ff69e585820 33 API calls 27100->27114 27115 7ff69e5832a8 51 API calls 27100->27115 27118 7ff69e585aa8 33 API calls 27100->27118 27119 7ff69e57250c SetDlgItemTextW 27100->27119 27122 7ff69e571150 33 API calls 27100->27122 27129 7ff69e57129c 33 API calls 27100->27129 27131 7ff69e59df99 EndDialog 27100->27131 27133 7ff69e5832bc 51 API calls 27100->27133 27135 7ff69e59db21 MoveFileW 27100->27135 27139 7ff69e582f58 56 API calls 27100->27139 27620 7ff69e5913c4 CompareStringW 27100->27620 27621 7ff69e59a440 27100->27621 27697 7ff69e58cfa4 35 API calls _invalid_parameter_noinfo_noreturn 27100->27697 27698 7ff69e5995b4 33 API calls Concurrency::cancel_current_task 27100->27698 27699 7ff69e5a0684 31 API calls _invalid_parameter_noinfo_noreturn 27100->27699 27700 7ff69e57df4c 47 API calls memcpy_s 27100->27700 27701 7ff69e59a834 33 API calls _invalid_parameter_noinfo_noreturn 27100->27701 27702 7ff69e599518 33 API calls 27100->27702 27703 7ff69e59abe8 33 API calls 3 library calls 27100->27703 27704 7ff69e587368 33 API calls 2 library calls 27100->27704 27705 7ff69e584088 33 API calls 27100->27705 27706 7ff69e5865b0 33 API calls 3 library calls 27100->27706 27707 7ff69e5872cc 27100->27707 27711 7ff69e571744 33 API calls 4 library calls 27100->27711 27712 7ff69e5831bc 27100->27712 27726 7ff69e583ea0 FindClose 27100->27726 27727 7ff69e5913f4 CompareStringW 27100->27727 27728 7ff69e599cd0 47 API calls 27100->27728 27729 7ff69e5987d8 51 API calls 3 library calls 27100->27729 27730 7ff69e59ab54 33 API calls _handle_error 27100->27730 27731 7ff69e587df4 27100->27731 27739 7ff69e585b08 CompareStringW 27100->27739 27740 7ff69e587eb0 47 API calls 27100->27740 27101 7ff69e59e9d1 27104 7ff69e57129c 33 API calls 27101->27104 27101->27105 27116 7ff69e59ef48 27101->27116 27120 7ff69e59ef4e 27101->27120 27125 7ff69e5913c4 CompareStringW 27101->27125 27128 7ff69e571fa0 31 API calls 27101->27128 27134 7ff69e58d22c 33 API calls 27101->27134 27102->27106 27104->27101 27105->27063 27105->27068 27110 7ff69e59ef5a 27105->27110 27127 7ff69e59ef54 27105->27127 27112 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27106->27112 27107 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27107->27110 27108->27100 27111 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27110->27111 27111->27113 27112->27116 27751 7ff69e57704c 47 API calls memcpy_s 27113->27751 27114->27100 27115->27100 27117 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27116->27117 27117->27120 27118->27100 27119->27100 27124 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27120->27124 27122->27100 27124->27127 27125->27101 27127->27107 27128->27101 27129->27100 27131->27100 27133->27100 27134->27101 27136 7ff69e59db70 27135->27136 27137 7ff69e59db55 MoveFileExW 27135->27137 27136->27100 27138 7ff69e571fa0 31 API calls 27136->27138 27137->27136 27138->27136 27139->27100 27142 7ff69e59f9a3 27141->27142 27143 7ff69e5720b0 33 API calls 27142->27143 27145 7ff69e59f9b9 27143->27145 27144 7ff69e59f9ee 27769 7ff69e57e34c 27144->27769 27145->27144 27146 7ff69e5720b0 33 API calls 27145->27146 27146->27144 27148 7ff69e59fa4b 27789 7ff69e57e7a8 27148->27789 27152 7ff69e59fa61 27153 7ff69e5a2320 _handle_error 8 API calls 27152->27153 27154 7ff69e59bc52 27153->27154 27154->26778 28925 7ff69e59849c 27156->28925 27159 7ff69e59f4b7 27161 7ff69e5a2320 _handle_error 8 API calls 27159->27161 27160 7ff69e59f3c7 GetWindow 27165 7ff69e59f3e2 27160->27165 27162 7ff69e59be9b 27161->27162 27162->26538 27162->26539 27163 7ff69e59f3ee GetClassNameW 28930 7ff69e5913c4 CompareStringW 27163->28930 27165->27159 27165->27163 27166 7ff69e59f417 GetWindowLongPtrW 27165->27166 27167 7ff69e59f496 GetWindow 27165->27167 27166->27167 27168 7ff69e59f429 SendMessageW 27166->27168 27167->27159 27167->27165 27168->27167 27169 7ff69e59f445 GetObjectW 27168->27169 28931 7ff69e598504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 27169->28931 27171 7ff69e59f461 28932 7ff69e5984cc 27171->28932 28936 7ff69e598df4 16 API calls _handle_error 27171->28936 27174 7ff69e59f479 SendMessageW DeleteObject 27174->27167 27176 7ff69e586300 27175->27176 27181 7ff69e58638d 27175->27181 27177 7ff69e5713a4 33 API calls 27176->27177 27178 7ff69e58631b GetCurrentDirectoryW 27177->27178 27179 7ff69e586341 27178->27179 27180 7ff69e5720b0 33 API calls 27179->27180 27182 7ff69e58634f 27180->27182 27181->26554 27182->27181 27183 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27182->27183 27184 7ff69e5863a9 27183->27184 27186 7ff69e57252a SetWindowTextW 27185->27186 27187 7ff69e572527 27185->27187 27188 7ff69e5de2e0 27186->27188 27187->27186 27189->26563 27191 7ff69e572516 SetDlgItemTextW 27190->27191 27192 7ff69e572513 27190->27192 27192->27191 27194 7ff69e5712d0 27193->27194 27201 7ff69e57139b 27193->27201 27197 7ff69e571338 27194->27197 27198 7ff69e571396 27194->27198 27199 7ff69e5712de memcpy_s 27194->27199 27197->27199 27202 7ff69e5a21d0 33 API calls 27197->27202 28939 7ff69e571f80 33 API calls 3 library calls 27198->28939 27199->26598 28940 7ff69e572004 33 API calls std::_Xinvalid_argument 27201->28940 27202->27199 27203->26630 27205 7ff69e5832bc 51 API calls 27204->27205 27206 7ff69e5832b1 27205->27206 27206->26642 27206->26666 27207->26642 27209 7ff69e5713a4 33 API calls 27208->27209 27210 7ff69e586489 27209->27210 27211 7ff69e58648c GetModuleFileNameW 27210->27211 27214 7ff69e5864dc 27210->27214 27212 7ff69e5864a7 27211->27212 27213 7ff69e5864de 27211->27213 27212->27210 27213->27214 27215 7ff69e57129c 33 API calls 27214->27215 27217 7ff69e586506 27215->27217 27216 7ff69e58653e 27216->26707 27217->27216 27218 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27217->27218 27219 7ff69e586560 27218->27219 27220->26722 27222 7ff69e5720f6 27221->27222 27224 7ff69e5720cb memcpy_s 27221->27224 28941 7ff69e571474 27222->28941 27224->26742 27225->26750 27226->26761 27227->26771 27228->26776 27229->26785 27231 7ff69e5a3620 27230->27231 27231->26789 27232->26704 27234 7ff69e571177 27233->27234 27235 7ff69e572034 33 API calls 27234->27235 27236 7ff69e571185 memcpy_s 27235->27236 27236->26720 27238 7ff69e572085 27237->27238 27240 7ff69e572059 memcpy_s 27237->27240 28955 7ff69e5715b8 33 API calls 3 library calls 27238->28955 27240->26693 27242 7ff69e5a2329 27241->27242 27243 7ff69e59c350 27242->27243 27244 7ff69e5a2550 IsProcessorFeaturePresent 27242->27244 27245 7ff69e5a2568 27244->27245 28956 7ff69e5a2744 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 27245->28956 27247 7ff69e5a257b 28957 7ff69e5a2510 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 27247->28957 28958 7ff69e5a783c 31 API calls 2 library calls 27250->28958 27252 7ff69e5a791d 28959 7ff69e5a7934 16 API calls abort 27252->28959 27255->26743 27256->26810 27257->26835 27258->26850 27259->26862 27285 7ff69e583e28 27260->27285 27264 7ff69e58a519 27265 7ff69e58a589 27264->27265 27283 7ff69e58a56a SetDlgItemTextW 27264->27283 27306 7ff69e589800 27264->27306 27291 7ff69e589408 27265->27291 27268 7ff69e58a6f2 GetSystemMetrics GetWindow 27270 7ff69e58a821 27268->27270 27278 7ff69e58a71d 27268->27278 27269 7ff69e58a603 27271 7ff69e58a6c2 27269->27271 27272 7ff69e58a60c GetWindowLongPtrW 27269->27272 27274 7ff69e5a2320 _handle_error 8 API calls 27270->27274 27310 7ff69e5895a8 27271->27310 27275 7ff69e5de2c0 27272->27275 27279 7ff69e58a830 27274->27279 27280 7ff69e58a6aa GetWindowRect 27275->27280 27278->27270 27282 7ff69e58a73e GetWindowRect 27278->27282 27284 7ff69e58a800 GetWindow 27278->27284 27279->26875 27280->27271 27281 7ff69e58a6e5 SetWindowTextW 27281->27268 27282->27278 27283->27264 27284->27270 27284->27278 27286 7ff69e583e4d swprintf 27285->27286 27319 7ff69e5a9ef0 27286->27319 27289 7ff69e590f68 WideCharToMultiByte 27290 7ff69e590faa 27289->27290 27290->27264 27292 7ff69e5895a8 47 API calls 27291->27292 27294 7ff69e58944f 27292->27294 27293 7ff69e5a2320 _handle_error 8 API calls 27295 7ff69e58958e GetWindowRect GetClientRect 27293->27295 27296 7ff69e57129c 33 API calls 27294->27296 27304 7ff69e58955a 27294->27304 27295->27268 27295->27269 27297 7ff69e58949c 27296->27297 27298 7ff69e5895a1 27297->27298 27300 7ff69e57129c 33 API calls 27297->27300 27299 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27298->27299 27301 7ff69e5895a7 27299->27301 27302 7ff69e589514 27300->27302 27303 7ff69e58959c 27302->27303 27302->27304 27305 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27303->27305 27304->27293 27305->27298 27307 7ff69e589840 27306->27307 27309 7ff69e589869 27306->27309 27358 7ff69e5aa270 31 API calls 2 library calls 27307->27358 27309->27264 27311 7ff69e583e28 swprintf 46 API calls 27310->27311 27312 7ff69e5895eb 27311->27312 27313 7ff69e590f68 WideCharToMultiByte 27312->27313 27314 7ff69e589603 27313->27314 27315 7ff69e589800 31 API calls 27314->27315 27316 7ff69e58961b 27315->27316 27317 7ff69e5a2320 _handle_error 8 API calls 27316->27317 27318 7ff69e58962b 27317->27318 27318->27268 27318->27281 27320 7ff69e5a9f4e 27319->27320 27321 7ff69e5a9f36 27319->27321 27320->27321 27323 7ff69e5a9f58 27320->27323 27346 7ff69e5ad69c 15 API calls _set_errno_from_matherr 27321->27346 27348 7ff69e5a7ef0 35 API calls 2 library calls 27323->27348 27324 7ff69e5a9f3b 27347 7ff69e5a78e4 31 API calls _invalid_parameter_noinfo_noreturn 27324->27347 27327 7ff69e5a2320 _handle_error 8 API calls 27329 7ff69e583e69 27327->27329 27328 7ff69e5a9f69 memcpy_s 27349 7ff69e5a7e70 15 API calls _set_errno_from_matherr 27328->27349 27329->27289 27331 7ff69e5a9fd4 27350 7ff69e5a82f8 46 API calls 3 library calls 27331->27350 27333 7ff69e5a9fdd 27334 7ff69e5aa014 27333->27334 27335 7ff69e5a9fe5 27333->27335 27337 7ff69e5aa01a 27334->27337 27338 7ff69e5aa092 27334->27338 27342 7ff69e5aa023 27334->27342 27343 7ff69e5aa06c 27334->27343 27351 7ff69e5ad90c 27335->27351 27337->27342 27337->27343 27340 7ff69e5aa09c 27338->27340 27338->27343 27339 7ff69e5ad90c Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 27345 7ff69e5a9f46 27339->27345 27344 7ff69e5ad90c Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 27340->27344 27341 7ff69e5ad90c Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 27341->27345 27342->27341 27343->27339 27344->27345 27345->27327 27346->27324 27347->27345 27348->27328 27349->27331 27350->27333 27352 7ff69e5ad911 RtlFreeHeap 27351->27352 27353 7ff69e5ad941 Concurrency::details::SchedulerProxy::DeleteThis 27351->27353 27352->27353 27354 7ff69e5ad92c 27352->27354 27353->27345 27357 7ff69e5ad69c 15 API calls _set_errno_from_matherr 27354->27357 27356 7ff69e5ad931 GetLastError 27356->27353 27357->27356 27358->27309 27371 7ff69e5713a4 27359->27371 27362 7ff69e572494 27363 7ff69e57129c 33 API calls 27362->27363 27365 7ff69e5724a2 27363->27365 27364 7ff69e5a2320 _handle_error 8 API calls 27368 7ff69e5724f3 27364->27368 27366 7ff69e572505 27365->27366 27367 7ff69e5724dd 27365->27367 27369 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27366->27369 27367->27364 27368->26883 27370 7ff69e57250a 27369->27370 27372 7ff69e57142d GetWindowTextW 27371->27372 27373 7ff69e5713ad 27371->27373 27372->27362 27374 7ff69e57143d 27373->27374 27375 7ff69e5713ce 27373->27375 27391 7ff69e572018 33 API calls std::_Xinvalid_argument 27374->27391 27379 7ff69e5713db memcpy_s 27375->27379 27381 7ff69e5a21d0 27375->27381 27390 7ff69e57197c 31 API calls _invalid_parameter_noinfo_noreturn 27379->27390 27382 7ff69e5a21db 27381->27382 27383 7ff69e5a21f4 27382->27383 27385 7ff69e5a21fa 27382->27385 27392 7ff69e5abbc0 27382->27392 27383->27379 27386 7ff69e5a2205 27385->27386 27395 7ff69e5a2f7c RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 27385->27395 27396 7ff69e571f80 33 API calls 3 library calls 27386->27396 27389 7ff69e5a220b 27390->27372 27397 7ff69e5abc00 27392->27397 27395->27386 27396->27389 27402 7ff69e5af398 EnterCriticalSection 27397->27402 27403->26901 27405->26909 27413 7ff69e589638 27406->27413 27409 7ff69e5897d9 27411 7ff69e5a2320 _handle_error 8 API calls 27409->27411 27410 7ff69e589800 31 API calls 27410->27409 27412 7ff69e5897f2 27411->27412 27412->26921 27412->26922 27414 7ff69e589692 27413->27414 27422 7ff69e589730 27413->27422 27415 7ff69e5896c0 27414->27415 27416 7ff69e590f68 WideCharToMultiByte 27414->27416 27419 7ff69e5896ef 27415->27419 27423 7ff69e58aa88 45 API calls 2 library calls 27415->27423 27416->27415 27417 7ff69e5a2320 _handle_error 8 API calls 27418 7ff69e589764 27417->27418 27418->27409 27418->27410 27424 7ff69e5aa270 31 API calls 2 library calls 27419->27424 27422->27417 27423->27419 27424->27422 27441 7ff69e58d4d0 27425->27441 27429 7ff69e5a9ef0 swprintf 46 API calls 27430 7ff69e58d8e5 swprintf 27429->27430 27430->27429 27438 7ff69e58d974 27430->27438 27455 7ff69e579d78 33 API calls 27430->27455 27431 7ff69e58d9a3 27433 7ff69e58da17 27431->27433 27435 7ff69e58da3f 27431->27435 27434 7ff69e5a2320 _handle_error 8 API calls 27433->27434 27436 7ff69e58da2b 27434->27436 27437 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27435->27437 27436->26927 27439 7ff69e58da44 27437->27439 27438->27431 27456 7ff69e579d78 33 API calls 27438->27456 27442 7ff69e58d665 27441->27442 27444 7ff69e58d502 27441->27444 27445 7ff69e58cb80 27442->27445 27443 7ff69e571744 33 API calls 27443->27444 27444->27442 27444->27443 27446 7ff69e58cbb6 27445->27446 27453 7ff69e58cc80 27445->27453 27447 7ff69e58cbc6 27446->27447 27450 7ff69e58cc7b 27446->27450 27452 7ff69e58cc20 27446->27452 27447->27430 27457 7ff69e571f80 33 API calls 3 library calls 27450->27457 27452->27447 27454 7ff69e5a21d0 33 API calls 27452->27454 27458 7ff69e572004 33 API calls std::_Xinvalid_argument 27453->27458 27454->27447 27455->27430 27456->27431 27457->27453 27460 7ff69e59ae80 GetDlgItem 27459->27460 27461 7ff69e59ae3c GetMessageW 27459->27461 27460->26930 27460->26931 27462 7ff69e59ae5b IsDialogMessageW 27461->27462 27463 7ff69e59ae6a TranslateMessage DispatchMessageW 27461->27463 27462->27460 27462->27463 27463->27460 27466 7ff69e5836b3 27464->27466 27465 7ff69e5836e0 27484 7ff69e5832bc 27465->27484 27466->27465 27467 7ff69e5836cc CreateDirectoryW 27466->27467 27467->27465 27469 7ff69e58377d 27467->27469 27471 7ff69e58378d 27469->27471 27571 7ff69e583d34 27469->27571 27475 7ff69e5a2320 _handle_error 8 API calls 27471->27475 27472 7ff69e583791 GetLastError 27472->27471 27477 7ff69e5837b9 27475->27477 27477->26945 27478 7ff69e58373b 27480 7ff69e583774 27478->27480 27481 7ff69e5837ce 27478->27481 27479 7ff69e583720 CreateDirectoryW 27479->27478 27480->27469 27480->27472 27482 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27481->27482 27483 7ff69e5837d3 27482->27483 27485 7ff69e5832e7 GetFileAttributesW 27484->27485 27486 7ff69e5832e4 27484->27486 27487 7ff69e5832f8 27485->27487 27495 7ff69e583375 27485->27495 27486->27485 27488 7ff69e586a0c 49 API calls 27487->27488 27490 7ff69e58331f 27488->27490 27489 7ff69e5a2320 _handle_error 8 API calls 27491 7ff69e583389 27489->27491 27492 7ff69e58333c 27490->27492 27493 7ff69e583323 GetFileAttributesW 27490->27493 27491->27472 27498 7ff69e586a0c 27491->27498 27494 7ff69e583399 27492->27494 27492->27495 27493->27492 27496 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27494->27496 27495->27489 27497 7ff69e58339e 27496->27497 27499 7ff69e586a4b 27498->27499 27519 7ff69e586a44 27498->27519 27502 7ff69e57129c 33 API calls 27499->27502 27500 7ff69e5a2320 _handle_error 8 API calls 27501 7ff69e58371c 27500->27501 27501->27478 27501->27479 27503 7ff69e586a76 27502->27503 27504 7ff69e586cc7 27503->27504 27505 7ff69e586a96 27503->27505 27506 7ff69e5862dc 35 API calls 27504->27506 27507 7ff69e586ab0 27505->27507 27533 7ff69e586b49 27505->27533 27510 7ff69e586ce6 27506->27510 27508 7ff69e5870ab 27507->27508 27585 7ff69e57c098 33 API calls 2 library calls 27507->27585 27593 7ff69e572004 33 API calls std::_Xinvalid_argument 27508->27593 27511 7ff69e586eef 27510->27511 27515 7ff69e586d1b 27510->27515 27517 7ff69e586b44 27510->27517 27514 7ff69e5870cf 27511->27514 27590 7ff69e57c098 33 API calls 2 library calls 27511->27590 27512 7ff69e5870b1 27524 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27512->27524 27596 7ff69e572004 33 API calls std::_Xinvalid_argument 27514->27596 27522 7ff69e5870bd 27515->27522 27588 7ff69e57c098 33 API calls 2 library calls 27515->27588 27516 7ff69e5870d5 27525 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27516->27525 27517->27512 27517->27516 27517->27519 27526 7ff69e5870a6 27517->27526 27519->27500 27520 7ff69e586b03 27534 7ff69e571fa0 31 API calls 27520->27534 27538 7ff69e586b15 memcpy_s 27520->27538 27594 7ff69e572004 33 API calls std::_Xinvalid_argument 27522->27594 27531 7ff69e5870b7 27524->27531 27532 7ff69e5870db 27525->27532 27530 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27526->27530 27527 7ff69e586f56 27591 7ff69e5711cc 33 API calls memcpy_s 27527->27591 27529 7ff69e571fa0 31 API calls 27529->27517 27530->27508 27541 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27531->27541 27543 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27532->27543 27533->27517 27537 7ff69e57129c 33 API calls 27533->27537 27534->27538 27536 7ff69e5870c3 27540 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27536->27540 27544 7ff69e586bbe 27537->27544 27538->27529 27539 7ff69e586f69 27592 7ff69e5857ac 33 API calls memcpy_s 27539->27592 27546 7ff69e5870c9 27540->27546 27541->27522 27542 7ff69e571fa0 31 API calls 27554 7ff69e586df5 27542->27554 27548 7ff69e5870e1 27543->27548 27586 7ff69e585820 33 API calls 27544->27586 27595 7ff69e57704c 47 API calls memcpy_s 27546->27595 27547 7ff69e586d76 memcpy_s 27547->27536 27547->27542 27550 7ff69e586bd3 27587 7ff69e57e164 33 API calls 2 library calls 27550->27587 27553 7ff69e571fa0 31 API calls 27556 7ff69e586fec 27553->27556 27557 7ff69e586e21 27554->27557 27589 7ff69e571744 33 API calls 4 library calls 27554->27589 27555 7ff69e586f79 memcpy_s 27555->27532 27555->27553 27559 7ff69e571fa0 31 API calls 27556->27559 27557->27546 27563 7ff69e57129c 33 API calls 27557->27563 27558 7ff69e586be9 memcpy_s 27558->27531 27561 7ff69e571fa0 31 API calls 27558->27561 27562 7ff69e586ff6 27559->27562 27564 7ff69e586c6d 27561->27564 27565 7ff69e571fa0 31 API calls 27562->27565 27566 7ff69e586ec2 27563->27566 27567 7ff69e571fa0 31 API calls 27564->27567 27565->27517 27568 7ff69e572034 33 API calls 27566->27568 27567->27517 27569 7ff69e586edf 27568->27569 27570 7ff69e571fa0 31 API calls 27569->27570 27570->27517 27572 7ff69e583d5b 27571->27572 27573 7ff69e583d5e SetFileAttributesW 27571->27573 27572->27573 27574 7ff69e583d74 27573->27574 27582 7ff69e583df5 27573->27582 27575 7ff69e586a0c 49 API calls 27574->27575 27577 7ff69e583d99 27575->27577 27576 7ff69e5a2320 _handle_error 8 API calls 27578 7ff69e583e0a 27576->27578 27579 7ff69e583d9d SetFileAttributesW 27577->27579 27580 7ff69e583dbc 27577->27580 27578->27471 27579->27580 27581 7ff69e583e1a 27580->27581 27580->27582 27583 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27581->27583 27582->27576 27584 7ff69e583e1f 27583->27584 27585->27520 27586->27550 27587->27558 27588->27547 27589->27557 27590->27527 27591->27539 27592->27555 27595->27514 27598 7ff69e57713b 27597->27598 27599 7ff69e577206 27597->27599 27605 7ff69e57714b memcpy_s 27598->27605 27606 7ff69e573f48 33 API calls 2 library calls 27598->27606 27607 7ff69e57704c 47 API calls memcpy_s 27599->27607 27602 7ff69e577273 27602->26965 27603 7ff69e57720b 27603->27602 27608 7ff69e57889c 8 API calls memcpy_s 27603->27608 27605->26965 27606->27605 27607->27603 27608->27603 27610 7ff69e5820ea 27609->27610 27611 7ff69e582102 27609->27611 27610->27611 27613 7ff69e5820f6 CloseHandle 27610->27613 27612 7ff69e582126 27611->27612 27615 7ff69e57b544 99 API calls 27611->27615 27612->26989 27613->27611 27615->27612 27617 7ff69e59aa36 27616->27617 27618 7ff69e59aa2f 27616->27618 27617->27618 27756 7ff69e571744 33 API calls 4 library calls 27617->27756 27618->27100 27620->27100 27622 7ff69e59a47f 27621->27622 27643 7ff69e59a706 27621->27643 27757 7ff69e59cdf8 33 API calls 27622->27757 27624 7ff69e5a2320 _handle_error 8 API calls 27626 7ff69e59a717 27624->27626 27625 7ff69e59a49e 27627 7ff69e57129c 33 API calls 27625->27627 27626->27074 27628 7ff69e59a4de 27627->27628 27629 7ff69e57129c 33 API calls 27628->27629 27630 7ff69e59a517 27629->27630 27631 7ff69e57129c 33 API calls 27630->27631 27632 7ff69e59a54a 27631->27632 27758 7ff69e59a834 33 API calls _invalid_parameter_noinfo_noreturn 27632->27758 27634 7ff69e59a734 27636 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27634->27636 27635 7ff69e59a573 27635->27634 27637 7ff69e59a73a 27635->27637 27638 7ff69e59a740 27635->27638 27641 7ff69e5720b0 33 API calls 27635->27641 27642 7ff69e59a685 27635->27642 27636->27637 27639 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27637->27639 27640 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27638->27640 27639->27638 27644 7ff69e59a746 27640->27644 27641->27642 27642->27643 27642->27644 27645 7ff69e59a72f 27642->27645 27643->27624 27646 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27644->27646 27648 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27645->27648 27647 7ff69e59a74c 27646->27647 27649 7ff69e57255c 61 API calls 27647->27649 27648->27634 27650 7ff69e59a795 27649->27650 27651 7ff69e59a7b1 27650->27651 27652 7ff69e59a801 SetDlgItemTextW 27650->27652 27655 7ff69e59a7a1 27650->27655 27653 7ff69e5a2320 _handle_error 8 API calls 27651->27653 27652->27651 27654 7ff69e59a827 27653->27654 27654->27074 27655->27651 27658 7ff69e59a7ad 27655->27658 27759 7ff69e58bb00 102 API calls 27655->27759 27656 7ff69e59a7b7 EndDialog 27656->27651 27658->27651 27658->27656 27664 7ff69e59f529 memcpy_s 27659->27664 27675 7ff69e59f87d 27659->27675 27660 7ff69e571fa0 31 API calls 27661 7ff69e59f89c 27660->27661 27662 7ff69e5a2320 _handle_error 8 API calls 27661->27662 27663 7ff69e59f8a8 27662->27663 27663->27077 27665 7ff69e59f684 27664->27665 27760 7ff69e5913c4 CompareStringW 27664->27760 27667 7ff69e57129c 33 API calls 27665->27667 27668 7ff69e59f6c0 27667->27668 27669 7ff69e5832a8 51 API calls 27668->27669 27670 7ff69e59f6ca 27669->27670 27671 7ff69e571fa0 31 API calls 27670->27671 27674 7ff69e59f6d5 27671->27674 27672 7ff69e59f742 ShellExecuteExW 27673 7ff69e59f846 27672->27673 27680 7ff69e59f755 27672->27680 27673->27675 27678 7ff69e59f8fb 27673->27678 27674->27672 27677 7ff69e57129c 33 API calls 27674->27677 27675->27660 27676 7ff69e59f78e 27762 7ff69e59fe24 PeekMessageW GetMessageW TranslateMessage DispatchMessageW WaitForSingleObject 27676->27762 27681 7ff69e59f717 27677->27681 27682 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27678->27682 27679 7ff69e59f7e3 CloseHandle 27683 7ff69e59f7f2 27679->27683 27684 7ff69e59f801 27679->27684 27680->27676 27680->27679 27688 7ff69e59f781 ShowWindow 27680->27688 27761 7ff69e585b60 53 API calls 2 library calls 27681->27761 27686 7ff69e59f900 27682->27686 27763 7ff69e5913c4 CompareStringW 27683->27763 27684->27673 27694 7ff69e59f837 ShowWindow 27684->27694 27688->27676 27690 7ff69e59f725 27691 7ff69e571fa0 31 API calls 27690->27691 27693 7ff69e59f72f 27691->27693 27692 7ff69e59f7a6 27692->27679 27695 7ff69e59f7b4 GetExitCodeProcess 27692->27695 27693->27672 27694->27673 27695->27679 27696 7ff69e59f7c7 27695->27696 27696->27679 27697->27100 27698->27100 27699->27100 27700->27100 27701->27100 27702->27100 27703->27100 27704->27100 27705->27100 27706->27100 27708 7ff69e5872ea 27707->27708 27764 7ff69e57b3a8 27708->27764 27711->27100 27713 7ff69e5831e7 DeleteFileW 27712->27713 27714 7ff69e5831e4 27712->27714 27715 7ff69e5831fd 27713->27715 27722 7ff69e58327c 27713->27722 27714->27713 27716 7ff69e586a0c 49 API calls 27715->27716 27718 7ff69e583222 27716->27718 27717 7ff69e5a2320 _handle_error 8 API calls 27719 7ff69e583291 27717->27719 27720 7ff69e583226 DeleteFileW 27718->27720 27721 7ff69e583243 27718->27721 27719->27100 27720->27721 27721->27722 27723 7ff69e5832a1 27721->27723 27722->27717 27724 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27723->27724 27725 7ff69e5832a6 27724->27725 27727->27100 27728->27100 27729->27100 27730->27100 27732 7ff69e587e0c 27731->27732 27733 7ff69e587e55 27732->27733 27734 7ff69e587e23 27732->27734 27768 7ff69e57704c 47 API calls memcpy_s 27733->27768 27736 7ff69e57129c 33 API calls 27734->27736 27738 7ff69e587e47 27736->27738 27737 7ff69e587e5a 27738->27100 27739->27100 27740->27100 27744 7ff69e58d25e 27741->27744 27742 7ff69e58d292 27742->27101 27743 7ff69e571744 33 API calls 27743->27744 27744->27742 27744->27743 27745->27030 27746->27018 27748->26999 27749->27002 27750->27006 27751->27058 27752->27048 27754->27054 27756->27617 27757->27625 27758->27635 27759->27658 27760->27665 27761->27690 27762->27692 27763->27684 27767 7ff69e57b3f2 memcpy_s 27764->27767 27765 7ff69e5a2320 _handle_error 8 API calls 27766 7ff69e57b4b6 27765->27766 27766->27100 27767->27765 27768->27737 27825 7ff69e5886ec 27769->27825 27771 7ff69e57e3c4 27831 7ff69e57e600 27771->27831 27773 7ff69e57e4d4 27776 7ff69e5a21d0 33 API calls 27773->27776 27774 7ff69e57e549 27777 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27774->27777 27775 7ff69e57e454 27775->27773 27775->27774 27780 7ff69e57e4f0 27776->27780 27786 7ff69e57e54e 27777->27786 27779 7ff69e57e51d 27781 7ff69e5a2320 _handle_error 8 API calls 27779->27781 27837 7ff69e593148 102 API calls 27780->27837 27782 7ff69e57e52d 27781->27782 27782->27148 27783 7ff69e5818c2 27784 7ff69e58190d 27783->27784 27787 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27783->27787 27784->27148 27785 7ff69e571fa0 31 API calls 27785->27786 27786->27783 27786->27784 27786->27785 27788 7ff69e58193b 27787->27788 27790 7ff69e57e7ea 27789->27790 27791 7ff69e57e864 27790->27791 27794 7ff69e57e8a1 27790->27794 27838 7ff69e583ec8 27790->27838 27793 7ff69e57e993 27791->27793 27791->27794 27795 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27793->27795 27801 7ff69e57e900 27794->27801 27845 7ff69e57f578 27794->27845 27798 7ff69e57e998 27795->27798 27796 7ff69e57e955 27797 7ff69e5a2320 _handle_error 8 API calls 27796->27797 27800 7ff69e57e97e 27797->27800 27803 7ff69e57e578 27800->27803 27801->27796 27881 7ff69e5728a4 82 API calls 2 library calls 27801->27881 28911 7ff69e5815d8 27803->28911 27806 7ff69e57e59e 27808 7ff69e571fa0 31 API calls 27806->27808 27807 7ff69e591870 108 API calls 27807->27806 27809 7ff69e57e5b7 27808->27809 27810 7ff69e571fa0 31 API calls 27809->27810 27811 7ff69e57e5c3 27810->27811 27812 7ff69e571fa0 31 API calls 27811->27812 27813 7ff69e57e5cf 27812->27813 27814 7ff69e58878c 108 API calls 27813->27814 27815 7ff69e57e5db 27814->27815 27816 7ff69e571fa0 31 API calls 27815->27816 27817 7ff69e57e5e4 27816->27817 27818 7ff69e571fa0 31 API calls 27817->27818 27821 7ff69e57e5ed 27818->27821 27819 7ff69e5818c2 27820 7ff69e58190d 27819->27820 27823 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27819->27823 27820->27152 27821->27819 27821->27820 27822 7ff69e571fa0 31 API calls 27821->27822 27822->27821 27824 7ff69e58193b 27823->27824 27826 7ff69e58870a 27825->27826 27827 7ff69e5a21d0 33 API calls 27826->27827 27828 7ff69e58872f 27827->27828 27829 7ff69e5a21d0 33 API calls 27828->27829 27830 7ff69e588759 27829->27830 27830->27771 27832 7ff69e57e627 27831->27832 27835 7ff69e57e62c memcpy_s 27831->27835 27833 7ff69e571fa0 31 API calls 27832->27833 27833->27835 27834 7ff69e57e668 memcpy_s 27834->27775 27835->27834 27836 7ff69e571fa0 31 API calls 27835->27836 27836->27834 27837->27779 27839 7ff69e5872cc 8 API calls 27838->27839 27840 7ff69e583ee1 27839->27840 27844 7ff69e583f0f 27840->27844 27882 7ff69e5840bc 27840->27882 27843 7ff69e583efa FindClose 27843->27844 27844->27790 27846 7ff69e57f598 _snwprintf 27845->27846 27921 7ff69e572950 27846->27921 27850 7ff69e57f5cc 27853 7ff69e57f5fc 27850->27853 27936 7ff69e5733e4 27850->27936 27852 7ff69e57f5f8 27852->27853 27968 7ff69e573ad8 27852->27968 28187 7ff69e572c54 27853->28187 27860 7ff69e57f7cb 27978 7ff69e57f8a4 27860->27978 27862 7ff69e578d04 33 API calls 27863 7ff69e57f662 27862->27863 28207 7ff69e587918 48 API calls 2 library calls 27863->28207 27865 7ff69e57f677 27867 7ff69e583ec8 55 API calls 27865->27867 27871 7ff69e57f6ad 27867->27871 27868 7ff69e57f842 27868->27853 27999 7ff69e5769f8 27868->27999 28010 7ff69e57f930 27868->28010 27874 7ff69e57f89a 27871->27874 27875 7ff69e57f74d 27871->27875 27878 7ff69e583ec8 55 API calls 27871->27878 28208 7ff69e587918 48 API calls 2 library calls 27871->28208 27876 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27874->27876 27875->27860 27875->27874 27877 7ff69e57f895 27875->27877 27880 7ff69e57f8a0 27876->27880 27879 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27877->27879 27878->27871 27879->27874 27881->27796 27883 7ff69e5840f9 FindFirstFileW 27882->27883 27884 7ff69e5841d2 FindNextFileW 27882->27884 27886 7ff69e5841f3 27883->27886 27888 7ff69e58411e 27883->27888 27884->27886 27887 7ff69e5841e1 GetLastError 27884->27887 27890 7ff69e584211 27886->27890 27893 7ff69e5720b0 33 API calls 27886->27893 27889 7ff69e5841c0 27887->27889 27891 7ff69e586a0c 49 API calls 27888->27891 27894 7ff69e5a2320 _handle_error 8 API calls 27889->27894 27897 7ff69e57129c 33 API calls 27890->27897 27892 7ff69e584144 27891->27892 27895 7ff69e584148 FindFirstFileW 27892->27895 27902 7ff69e584167 27892->27902 27893->27890 27896 7ff69e583ef4 27894->27896 27895->27902 27896->27843 27896->27844 27898 7ff69e58423b 27897->27898 27908 7ff69e588090 27898->27908 27899 7ff69e5841af GetLastError 27899->27889 27901 7ff69e584314 27904 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27901->27904 27902->27886 27902->27899 27902->27901 27905 7ff69e58431a 27904->27905 27906 7ff69e58430f 27907 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27906->27907 27907->27901 27909 7ff69e5880a5 27908->27909 27912 7ff69e588188 27909->27912 27911 7ff69e584249 27911->27889 27911->27906 27913 7ff69e588326 27912->27913 27916 7ff69e5881ba 27912->27916 27920 7ff69e57704c 47 API calls memcpy_s 27913->27920 27915 7ff69e58832b 27918 7ff69e5881d4 memcpy_s 27916->27918 27919 7ff69e5858a4 33 API calls 2 library calls 27916->27919 27918->27911 27919->27918 27920->27915 27922 7ff69e57296c 27921->27922 27923 7ff69e5886ec 33 API calls 27922->27923 27924 7ff69e57298d 27923->27924 27925 7ff69e5a21d0 33 API calls 27924->27925 27929 7ff69e572ac2 27924->27929 27927 7ff69e572ab0 27925->27927 27927->27929 28209 7ff69e5791c8 27927->28209 28216 7ff69e584d04 27929->28216 27931 7ff69e582ca8 28248 7ff69e5824c0 27931->28248 27933 7ff69e582cc5 27933->27850 28267 7ff69e5828d0 27936->28267 27937 7ff69e573431 memcpy_s 27940 7ff69e573601 27937->27940 27948 7ff69e57344e 27937->27948 28272 7ff69e582bb0 27937->28272 27938 7ff69e573674 28286 7ff69e5728a4 82 API calls 2 library calls 27938->28286 27940->27852 27941 7ff69e5769f8 141 API calls 27943 7ff69e573682 27941->27943 27943->27940 27943->27941 27944 7ff69e57370c 27943->27944 27959 7ff69e582aa0 101 API calls 27943->27959 27944->27940 27949 7ff69e573740 27944->27949 28287 7ff69e5728a4 82 API calls 2 library calls 27944->28287 27946 7ff69e5735cb 27947 7ff69e5735d7 27946->27947 27946->27948 27947->27940 27951 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27947->27951 27948->27938 27948->27943 27949->27940 27950 7ff69e57384d 27949->27950 27967 7ff69e582bb0 101 API calls 27949->27967 27950->27940 27953 7ff69e5720b0 33 API calls 27950->27953 27954 7ff69e573891 27951->27954 27952 7ff69e5734eb 27952->27946 28281 7ff69e582aa0 27952->28281 27953->27940 27954->27852 27955 7ff69e5769f8 141 API calls 27957 7ff69e57378e 27955->27957 27957->27955 27958 7ff69e573803 27957->27958 27961 7ff69e582aa0 101 API calls 27957->27961 27965 7ff69e582aa0 101 API calls 27958->27965 27959->27943 27960 7ff69e5828d0 104 API calls 27960->27946 27961->27957 27965->27950 27966 7ff69e5828d0 104 API calls 27966->27952 27967->27957 27969 7ff69e573af9 27968->27969 27975 7ff69e573b55 27968->27975 28299 7ff69e573378 27969->28299 27971 7ff69e5a2320 _handle_error 8 API calls 27972 7ff69e573b67 27971->27972 27972->27860 27972->27862 27974 7ff69e573b6c 27976 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 27974->27976 27975->27971 27977 7ff69e573b71 27976->27977 28526 7ff69e58886c 27978->28526 27980 7ff69e57f8ba 28530 7ff69e58ef60 GetSystemTime SystemTimeToFileTime 27980->28530 27983 7ff69e590994 27984 7ff69e5a0340 27983->27984 27985 7ff69e587df4 47 API calls 27984->27985 27986 7ff69e5a0373 27985->27986 27987 7ff69e58aae0 48 API calls 27986->27987 27988 7ff69e5a0387 27987->27988 27989 7ff69e58da98 48 API calls 27988->27989 27990 7ff69e5a0397 27989->27990 27991 7ff69e571fa0 31 API calls 27990->27991 27992 7ff69e5a03a2 27991->27992 28539 7ff69e59fc68 49 API calls 2 library calls 27992->28539 27994 7ff69e5a03b8 27995 7ff69e571fa0 31 API calls 27994->27995 27996 7ff69e5a03c3 27995->27996 28000 7ff69e576a0e 27999->28000 28005 7ff69e576a0a 27999->28005 28009 7ff69e582bb0 101 API calls 28000->28009 28001 7ff69e576a1b 28002 7ff69e576a3e 28001->28002 28003 7ff69e576a2f 28001->28003 28623 7ff69e575130 139 API calls 2 library calls 28002->28623 28003->28005 28540 7ff69e575e24 28003->28540 28005->27868 28006 7ff69e576a3c 28006->28005 28624 7ff69e57466c 82 API calls 28006->28624 28009->28001 28011 7ff69e57f978 28010->28011 28014 7ff69e57f9b0 28011->28014 28070 7ff69e57fa34 28011->28070 28746 7ff69e59612c 146 API calls 3 library calls 28011->28746 28013 7ff69e581189 28015 7ff69e5811e1 28013->28015 28016 7ff69e58118e 28013->28016 28014->28013 28021 7ff69e57f9d0 28014->28021 28014->28070 28015->28070 28795 7ff69e59612c 146 API calls 3 library calls 28015->28795 28016->28070 28794 7ff69e57dd08 179 API calls 28016->28794 28017 7ff69e5a2320 _handle_error 8 API calls 28018 7ff69e5811c4 28017->28018 28018->27868 28021->28070 28661 7ff69e579bb0 28021->28661 28023 7ff69e57fad6 28674 7ff69e585ef8 28023->28674 28070->28017 28188 7ff69e572c74 28187->28188 28191 7ff69e572c88 28187->28191 28188->28191 28890 7ff69e572d80 108 API calls _invalid_parameter_noinfo_noreturn 28188->28890 28189 7ff69e571fa0 31 API calls 28192 7ff69e572ca1 28189->28192 28191->28189 28194 7ff69e572d64 28192->28194 28891 7ff69e573090 31 API calls _invalid_parameter_noinfo_noreturn 28192->28891 28196 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 28194->28196 28195 7ff69e572d08 28892 7ff69e573090 31 API calls _invalid_parameter_noinfo_noreturn 28195->28892 28198 7ff69e572d7c 28196->28198 28199 7ff69e572d14 28200 7ff69e571fa0 31 API calls 28199->28200 28201 7ff69e572d20 28200->28201 28893 7ff69e58878c 28201->28893 28207->27865 28208->27871 28226 7ff69e5856a4 28209->28226 28211 7ff69e5791df 28229 7ff69e58b788 28211->28229 28215 7ff69e579383 28215->27929 28217 7ff69e584d32 memcpy_s 28216->28217 28244 7ff69e584bac 28217->28244 28219 7ff69e584d54 28220 7ff69e584d90 28219->28220 28222 7ff69e584dae 28219->28222 28221 7ff69e5a2320 _handle_error 8 API calls 28220->28221 28223 7ff69e572b32 28221->28223 28224 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 28222->28224 28223->27850 28223->27931 28225 7ff69e584db3 28224->28225 28235 7ff69e5856e8 28226->28235 28230 7ff69e5713a4 33 API calls 28229->28230 28231 7ff69e579365 28230->28231 28232 7ff69e579a28 28231->28232 28233 7ff69e5856e8 2 API calls 28232->28233 28234 7ff69e579a36 28233->28234 28234->28215 28236 7ff69e5856fe memcpy_s 28235->28236 28239 7ff69e58eba4 28236->28239 28242 7ff69e58eb58 GetCurrentProcess GetProcessAffinityMask 28239->28242 28241 7ff69e5856de 28241->28211 28243 7ff69e58eb7e 28242->28243 28243->28241 28243->28243 28245 7ff69e584c27 28244->28245 28247 7ff69e584c2f memcpy_s 28244->28247 28246 7ff69e571fa0 31 API calls 28245->28246 28246->28247 28247->28219 28249 7ff69e5824fd CreateFileW 28248->28249 28251 7ff69e5825ae GetLastError 28249->28251 28258 7ff69e58266e 28249->28258 28252 7ff69e586a0c 49 API calls 28251->28252 28253 7ff69e5825dc 28252->28253 28254 7ff69e5825e0 CreateFileW GetLastError 28253->28254 28259 7ff69e58262c 28253->28259 28254->28259 28255 7ff69e5826b1 SetFileTime 28261 7ff69e5826cf 28255->28261 28256 7ff69e582708 28257 7ff69e5a2320 _handle_error 8 API calls 28256->28257 28260 7ff69e58271b 28257->28260 28258->28255 28258->28261 28259->28258 28263 7ff69e582736 28259->28263 28260->27933 28266 7ff69e57b7e8 99 API calls 2 library calls 28260->28266 28261->28256 28262 7ff69e5720b0 33 API calls 28261->28262 28262->28256 28264 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 28263->28264 28265 7ff69e58273b 28264->28265 28266->27933 28268 7ff69e5828f6 28267->28268 28270 7ff69e5828fd 28267->28270 28268->27937 28270->28268 28271 7ff69e582320 GetStdHandle ReadFile GetLastError GetLastError GetFileType 28270->28271 28288 7ff69e57b8a4 99 API calls Concurrency::cancel_current_task 28270->28288 28271->28270 28273 7ff69e582bcd 28272->28273 28278 7ff69e582be9 28272->28278 28275 7ff69e5734cc 28273->28275 28289 7ff69e57b9c4 99 API calls Concurrency::cancel_current_task 28273->28289 28274 7ff69e582c01 SetFilePointer 28274->28275 28277 7ff69e582c1e GetLastError 28274->28277 28275->27966 28277->28275 28279 7ff69e582c28 28277->28279 28278->28274 28278->28275 28279->28275 28290 7ff69e57b9c4 99 API calls Concurrency::cancel_current_task 28279->28290 28291 7ff69e582778 28281->28291 28284 7ff69e5735a7 28284->27946 28284->27960 28286->27940 28287->27949 28297 7ff69e582789 _snwprintf 28291->28297 28292 7ff69e582890 SetFilePointer 28294 7ff69e5827b5 28292->28294 28296 7ff69e5828b8 GetLastError 28292->28296 28293 7ff69e5a2320 _handle_error 8 API calls 28295 7ff69e58281d 28293->28295 28294->28293 28295->28284 28298 7ff69e57b9c4 99 API calls Concurrency::cancel_current_task 28295->28298 28296->28294 28297->28292 28297->28294 28300 7ff69e57339a 28299->28300 28301 7ff69e573396 28299->28301 28305 7ff69e573294 28300->28305 28301->27974 28301->27975 28304 7ff69e582aa0 101 API calls 28304->28301 28306 7ff69e5732bb 28305->28306 28308 7ff69e5732f6 28305->28308 28307 7ff69e5769f8 141 API calls 28306->28307 28311 7ff69e5732db 28307->28311 28313 7ff69e576e74 28308->28313 28311->28304 28315 7ff69e576e95 28313->28315 28314 7ff69e5769f8 141 API calls 28314->28315 28315->28314 28317 7ff69e57331d 28315->28317 28345 7ff69e58e808 28315->28345 28317->28311 28318 7ff69e573904 28317->28318 28353 7ff69e576a7c 28318->28353 28321 7ff69e57396a 28324 7ff69e57399a 28321->28324 28325 7ff69e573989 28321->28325 28322 7ff69e573a8a 28326 7ff69e5a2320 _handle_error 8 API calls 28322->28326 28330 7ff69e5739ec 28324->28330 28331 7ff69e5739a3 28324->28331 28386 7ff69e590d54 33 API calls 28325->28386 28329 7ff69e573a9e 28326->28329 28327 7ff69e573ab3 28332 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 28327->28332 28329->28311 28388 7ff69e5726b4 33 API calls memcpy_s 28330->28388 28387 7ff69e590c80 33 API calls 28331->28387 28334 7ff69e573ab8 28332->28334 28339 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 28334->28339 28335 7ff69e5739b0 28340 7ff69e571fa0 31 API calls 28335->28340 28341 7ff69e5739c0 memcpy_s 28335->28341 28337 7ff69e571fa0 31 API calls 28344 7ff69e57394f 28337->28344 28338 7ff69e573a13 28389 7ff69e590ae8 34 API calls _invalid_parameter_noinfo_noreturn 28338->28389 28343 7ff69e573abe 28339->28343 28340->28341 28341->28337 28344->28322 28344->28327 28344->28334 28346 7ff69e58e811 28345->28346 28347 7ff69e58e82b 28346->28347 28351 7ff69e57b664 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 28346->28351 28349 7ff69e58e845 SetThreadExecutionState 28347->28349 28352 7ff69e57b664 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 28347->28352 28351->28347 28352->28349 28354 7ff69e576a96 _snwprintf 28353->28354 28355 7ff69e576ae4 28354->28355 28356 7ff69e576ac4 28354->28356 28358 7ff69e576d4d 28355->28358 28362 7ff69e576b0f 28355->28362 28428 7ff69e5728a4 82 API calls 2 library calls 28356->28428 28457 7ff69e5728a4 82 API calls 2 library calls 28358->28457 28359 7ff69e576ad0 28361 7ff69e5a2320 _handle_error 8 API calls 28359->28361 28363 7ff69e57394b 28361->28363 28362->28359 28390 7ff69e591f94 28362->28390 28363->28321 28363->28344 28385 7ff69e572794 33 API calls __std_swap_ranges_trivially_swappable 28363->28385 28366 7ff69e576b6e 28429 7ff69e5728a4 82 API calls 2 library calls 28366->28429 28368 7ff69e576b80 28375 7ff69e576b85 28368->28375 28430 7ff69e5740b0 28368->28430 28373 7ff69e576c2a 28399 7ff69e584760 28373->28399 28374 7ff69e576c52 28376 7ff69e576cc7 28374->28376 28377 7ff69e576cd1 28374->28377 28375->28373 28384 7ff69e576b7b 28375->28384 28434 7ff69e588968 109 API calls 28375->28434 28403 7ff69e581794 28376->28403 28435 7ff69e591f20 28377->28435 28418 7ff69e591870 28384->28418 28385->28321 28386->28344 28387->28335 28388->28338 28389->28344 28391 7ff69e592056 std::bad_alloc::bad_alloc 28390->28391 28394 7ff69e591fc5 std::bad_alloc::bad_alloc 28390->28394 28458 7ff69e5a4078 28391->28458 28392 7ff69e576b59 28392->28366 28392->28368 28392->28375 28394->28392 28395 7ff69e5a4078 Concurrency::cancel_current_task 2 API calls 28394->28395 28396 7ff69e59200f std::bad_alloc::bad_alloc 28394->28396 28395->28396 28396->28392 28397 7ff69e5a4078 Concurrency::cancel_current_task 2 API calls 28396->28397 28398 7ff69e5920a9 28397->28398 28400 7ff69e584780 28399->28400 28402 7ff69e58478a 28399->28402 28401 7ff69e5a21d0 33 API calls 28400->28401 28401->28402 28402->28374 28404 7ff69e5817be memcpy_s 28403->28404 28463 7ff69e588a48 28404->28463 28419 7ff69e59188e 28418->28419 28421 7ff69e5918a1 28419->28421 28483 7ff69e58e948 28419->28483 28425 7ff69e5918d8 28421->28425 28479 7ff69e5a236c 28421->28479 28423 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 28424 7ff69e591ad0 28423->28424 28427 7ff69e591a37 28425->28427 28490 7ff69e58a984 31 API calls _invalid_parameter_noinfo_noreturn 28425->28490 28427->28423 28428->28359 28429->28384 28431 7ff69e5740dd 28430->28431 28433 7ff69e5740d7 memcpy_s 28430->28433 28431->28433 28491 7ff69e574120 33 API calls 2 library calls 28431->28491 28433->28375 28434->28373 28436 7ff69e591f29 28435->28436 28437 7ff69e591f5d 28436->28437 28438 7ff69e591f55 28436->28438 28439 7ff69e591f49 28436->28439 28457->28359 28459 7ff69e5a40b4 RtlPcToFileHeader 28458->28459 28461 7ff69e5a4097 28458->28461 28460 7ff69e5a40db RaiseException 28459->28460 28462 7ff69e5a40cc 28459->28462 28460->28394 28461->28459 28462->28460 28480 7ff69e5a239f 28479->28480 28481 7ff69e5a23c8 28480->28481 28482 7ff69e591870 108 API calls 28480->28482 28481->28425 28482->28480 28484 7ff69e58ecd8 103 API calls 28483->28484 28485 7ff69e58e95f ReleaseSemaphore 28484->28485 28486 7ff69e58e9a3 DeleteCriticalSection CloseHandle CloseHandle 28485->28486 28487 7ff69e58e984 28485->28487 28488 7ff69e58ea5c 101 API calls 28487->28488 28489 7ff69e58e98e CloseHandle 28488->28489 28489->28486 28489->28487 28490->28427 28527 7ff69e588882 28526->28527 28528 7ff69e588892 28526->28528 28533 7ff69e5823f0 28527->28533 28528->27980 28531 7ff69e5a2320 _handle_error 8 API calls 28530->28531 28532 7ff69e57f7dc 28531->28532 28532->27868 28532->27983 28534 7ff69e58240f 28533->28534 28538 7ff69e582aa0 101 API calls 28534->28538 28535 7ff69e582428 28537 7ff69e582bb0 101 API calls 28535->28537 28536 7ff69e582438 28536->28528 28537->28536 28538->28535 28539->27994 28541 7ff69e575e67 28540->28541 28543 7ff69e575ea5 28541->28543 28547 7ff69e575eb7 28541->28547 28571 7ff69e576084 28541->28571 28635 7ff69e5728a4 82 API calls 2 library calls 28543->28635 28545 7ff69e576134 28642 7ff69e576fcc 82 API calls 28545->28642 28547->28545 28548 7ff69e575f44 28547->28548 28636 7ff69e576f38 33 API calls memcpy_s 28547->28636 28637 7ff69e576d88 82 API calls 28548->28637 28549 7ff69e5769af 28551 7ff69e5a2320 _handle_error 8 API calls 28549->28551 28554 7ff69e5769c3 28551->28554 28553 7ff69e5769e4 28555 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 28553->28555 28554->28006 28557 7ff69e5769e9 28555->28557 28556 7ff69e576973 28619 7ff69e575eb2 28556->28619 28558 7ff69e57612e 28558->28545 28558->28556 28564 7ff69e5885f0 104 API calls 28558->28564 28562 7ff69e576034 28566 7ff69e5a236c 108 API calls 28562->28566 28562->28571 28563 7ff69e5769ef 28567 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 28563->28567 28569 7ff69e5769f5 28567->28569 28625 7ff69e5885f0 28571->28625 28572 7ff69e576097 28641 7ff69e57433c 82 API calls 2 library calls 28572->28641 28575 7ff69e575f5d 28575->28562 28575->28572 28638 7ff69e57433c 82 API calls 2 library calls 28575->28638 28639 7ff69e576d88 82 API calls 28575->28639 28640 7ff69e57a1a0 109 API calls _handle_error 28575->28640 28579 7ff69e5760a1 28579->28619 28619->28549 28619->28553 28619->28563 28623->28006 28626 7ff69e588614 28625->28626 28627 7ff69e58869a 28625->28627 28628 7ff69e58867c 28626->28628 28630 7ff69e5740b0 33 API calls 28626->28630 28627->28628 28629 7ff69e5740b0 33 API calls 28627->28629 28628->28558 28631 7ff69e5886b3 28629->28631 28632 7ff69e58864d 28630->28632 28634 7ff69e5828d0 104 API calls 28631->28634 28656 7ff69e57a174 28632->28656 28634->28628 28635->28619 28637->28575 28638->28575 28639->28575 28640->28575 28641->28579 28642->28619 28666 7ff69e579be7 28661->28666 28662 7ff69e579c1b 28663 7ff69e5a2320 _handle_error 8 API calls 28662->28663 28664 7ff69e579c9d 28663->28664 28664->28023 28666->28662 28669 7ff69e579cae 28666->28669 28673 7ff69e579c83 28666->28673 28796 7ff69e585294 28666->28796 28816 7ff69e58db60 28666->28816 28668 7ff69e571fa0 31 API calls 28668->28662 28670 7ff69e579cbf 28669->28670 28820 7ff69e58da48 CompareStringW 28669->28820 28672 7ff69e5720b0 33 API calls 28670->28672 28670->28673 28672->28673 28673->28668 28687 7ff69e585f3a 28674->28687 28675 7ff69e5a2320 _handle_error 8 API calls 28678 7ff69e57129c 33 API calls 28680 7ff69e586129 28678->28680 28683 7ff69e58619b 28683->28675 28686 7ff69e5861ce 28687->28678 28687->28683 28687->28686 28746->28014 28794->28070 28795->28070 28798 7ff69e5852d4 28796->28798 28802 7ff69e58539e __vcrt_InitializeCriticalSectionEx 28798->28802 28804 7ff69e585312 __vcrt_InitializeCriticalSectionEx 28798->28804 28827 7ff69e5913f4 CompareStringW 28798->28827 28799 7ff69e5a2320 _handle_error 8 API calls 28800 7ff69e585503 28799->28800 28800->28666 28803 7ff69e585339 28802->28803 28821 7ff69e585524 28802->28821 28803->28799 28804->28803 28806 7ff69e585382 __vcrt_InitializeCriticalSectionEx 28804->28806 28828 7ff69e5913f4 CompareStringW 28804->28828 28806->28802 28806->28803 28807 7ff69e57129c 33 API calls 28806->28807 28808 7ff69e585439 28806->28808 28809 7ff69e585426 28807->28809 28811 7ff69e58551b 28808->28811 28812 7ff69e585489 28808->28812 28810 7ff69e5872cc 8 API calls 28809->28810 28810->28808 28814 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 28811->28814 28812->28802 28812->28803 28829 7ff69e5913f4 CompareStringW 28812->28829 28817 7ff69e58db73 28816->28817 28818 7ff69e5720b0 33 API calls 28817->28818 28819 7ff69e58db91 28817->28819 28818->28819 28819->28666 28820->28670 28823 7ff69e585550 28821->28823 28822 7ff69e5913b8 CharUpperW 28822->28823 28823->28822 28825 7ff69e5855bf 28823->28825 28826 7ff69e5855fd 28823->28826 28824 7ff69e585524 CharUpperW 28824->28825 28825->28824 28825->28826 28826->28803 28827->28804 28828->28806 28829->28802 28890->28191 28891->28195 28892->28199 28894 7ff69e5887af 28893->28894 28895 7ff69e5887df 28893->28895 28896 7ff69e5a236c 108 API calls 28894->28896 28897 7ff69e5a236c 108 API calls 28895->28897 28905 7ff69e58882b 28895->28905 28899 7ff69e5887ca 28896->28899 28900 7ff69e588814 28897->28900 28902 7ff69e5a236c 108 API calls 28899->28902 28903 7ff69e5a236c 108 API calls 28900->28903 28901 7ff69e588845 28904 7ff69e58461c 108 API calls 28901->28904 28902->28895 28903->28905 28906 7ff69e588851 28904->28906 28907 7ff69e58461c 28905->28907 28908 7ff69e584632 28907->28908 28910 7ff69e58463a 28907->28910 28909 7ff69e58e948 108 API calls 28908->28909 28909->28910 28910->28901 28912 7ff69e58163e 28911->28912 28918 7ff69e581681 28911->28918 28915 7ff69e5831bc 51 API calls 28912->28915 28912->28918 28913 7ff69e57e600 31 API calls 28916 7ff69e5816de 28913->28916 28914 7ff69e571fa0 31 API calls 28914->28918 28915->28912 28917 7ff69e58175b 28916->28917 28919 7ff69e58178d 28916->28919 28920 7ff69e5a2320 _handle_error 8 API calls 28917->28920 28918->28914 28921 7ff69e5816a0 28918->28921 28923 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 28919->28923 28922 7ff69e57e58a 28920->28922 28921->28913 28922->27806 28922->27807 28924 7ff69e581792 28923->28924 28926 7ff69e5984cc 4 API calls 28925->28926 28927 7ff69e5984aa 28926->28927 28928 7ff69e5984b9 28927->28928 28937 7ff69e598504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 28927->28937 28928->27159 28928->27160 28930->27165 28931->27171 28933 7ff69e5984de 28932->28933 28935 7ff69e5984e3 28932->28935 28938 7ff69e598590 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 28933->28938 28935->27171 28936->27174 28937->28928 28938->28935 28939->27201 28942 7ff69e5714ad 28941->28942 28943 7ff69e5715ae 28941->28943 28946 7ff69e5715a3 28942->28946 28947 7ff69e571503 28942->28947 28950 7ff69e5714ce memcpy_s 28942->28950 28954 7ff69e572004 33 API calls std::_Xinvalid_argument 28943->28954 28953 7ff69e571f80 33 API calls 3 library calls 28946->28953 28949 7ff69e5a21d0 33 API calls 28947->28949 28947->28950 28949->28950 28951 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 28950->28951 28952 7ff69e571576 28950->28952 28951->28943 28952->27224 28953->28950 28955->27240 28956->27247 28958->27252 28960 7ff69e5a03e0 28961 7ff69e5a041f 28960->28961 28962 7ff69e5a0497 28960->28962 28964 7ff69e58aae0 48 API calls 28961->28964 28963 7ff69e58aae0 48 API calls 28962->28963 28965 7ff69e5a04ab 28963->28965 28966 7ff69e5a0433 28964->28966 28967 7ff69e58da98 48 API calls 28965->28967 28968 7ff69e58da98 48 API calls 28966->28968 28971 7ff69e5a0442 memcpy_s 28967->28971 28968->28971 28969 7ff69e571fa0 31 API calls 28970 7ff69e5a0541 28969->28970 28972 7ff69e57250c SetDlgItemTextW 28970->28972 28971->28969 28973 7ff69e5a05cc 28971->28973 28974 7ff69e5a05c6 28971->28974 28976 7ff69e5a0556 SetWindowTextW 28972->28976 28975 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 28973->28975 28977 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 28974->28977 28978 7ff69e5a05d2 28975->28978 28979 7ff69e5a056f 28976->28979 28980 7ff69e5a059c 28976->28980 28977->28973 28979->28980 28982 7ff69e5a05c1 28979->28982 28981 7ff69e5a2320 _handle_error 8 API calls 28980->28981 28983 7ff69e5a05af 28981->28983 28984 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 28982->28984 28984->28974 28985 7ff69e5a20f0 28986 7ff69e5a2106 _com_error::_com_error 28985->28986 28987 7ff69e5a4078 Concurrency::cancel_current_task 2 API calls 28986->28987 28988 7ff69e5a2117 28987->28988 28989 7ff69e5a1900 _com_raise_error 14 API calls 28988->28989 28990 7ff69e5a2163 28989->28990 28991 7ff69e5a154b 28992 7ff69e5a14a2 28991->28992 28993 7ff69e5a1900 _com_raise_error 14 API calls 28992->28993 28993->28992 28994 7ff69e5ad94c 28995 7ff69e5ad997 28994->28995 28999 7ff69e5ad95b abort 28994->28999 29001 7ff69e5ad69c 15 API calls _set_errno_from_matherr 28995->29001 28997 7ff69e5ad97e HeapAlloc 28998 7ff69e5ad995 28997->28998 28997->28999 28999->28995 28999->28997 29000 7ff69e5abbc0 abort 2 API calls 28999->29000 29000->28999 29001->28998 29002 7ff69e5abf2c 29009 7ff69e5abc34 29002->29009 29014 7ff69e5ad440 35 API calls 2 library calls 29009->29014 29011 7ff69e5abc3f 29015 7ff69e5ad068 35 API calls abort 29011->29015 29014->29011 29016 7ff69e5a2d6c 29041 7ff69e5a27fc 29016->29041 29019 7ff69e5a2eb8 29140 7ff69e5a3170 7 API calls 2 library calls 29019->29140 29020 7ff69e5a2d88 __scrt_acquire_startup_lock 29022 7ff69e5a2ec2 29020->29022 29024 7ff69e5a2da6 29020->29024 29141 7ff69e5a3170 7 API calls 2 library calls 29022->29141 29025 7ff69e5a2dcb 29024->29025 29032 7ff69e5a2de8 __scrt_release_startup_lock 29024->29032 29049 7ff69e5acd90 29024->29049 29026 7ff69e5a2ecd abort 29028 7ff69e5a2e51 29053 7ff69e5a32bc 29028->29053 29030 7ff69e5a2e56 29056 7ff69e5acd20 29030->29056 29032->29028 29137 7ff69e5ac050 35 API calls __GSHandlerCheck_EH 29032->29137 29142 7ff69e5a2fb0 29041->29142 29044 7ff69e5a2827 29044->29019 29044->29020 29045 7ff69e5a282b 29144 7ff69e5acc50 29045->29144 29050 7ff69e5acdcc 29049->29050 29051 7ff69e5acdeb 29049->29051 29050->29051 29161 7ff69e571120 29050->29161 29051->29032 29054 7ff69e5a3cf0 memcpy_s 29053->29054 29055 7ff69e5a32d3 GetStartupInfoW 29054->29055 29055->29030 29167 7ff69e5b0730 29056->29167 29058 7ff69e5a2e5e 29061 7ff69e5a0754 29058->29061 29060 7ff69e5acd2f 29060->29058 29171 7ff69e5b0ac0 35 API calls swprintf 29060->29171 29173 7ff69e58dfd0 29061->29173 29064 7ff69e5862dc 35 API calls 29065 7ff69e5a079a 29064->29065 29250 7ff69e59946c 29065->29250 29067 7ff69e5a07a4 memcpy_s 29255 7ff69e599a14 29067->29255 29069 7ff69e5a0ddc 29070 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 29069->29070 29072 7ff69e5a0de2 29070->29072 29071 7ff69e5a096e GetCommandLineW 29073 7ff69e5a0980 29071->29073 29074 7ff69e5a0b42 29071->29074 29077 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 29072->29077 29080 7ff69e57129c 33 API calls 29073->29080 29076 7ff69e586454 34 API calls 29074->29076 29075 7ff69e5a0819 29075->29069 29075->29071 29078 7ff69e5a0b51 29076->29078 29079 7ff69e5a0de8 29077->29079 29083 7ff69e571fa0 31 API calls 29078->29083 29087 7ff69e5a0b68 memcpy_s 29078->29087 29085 7ff69e5a1900 _com_raise_error 14 API calls 29079->29085 29082 7ff69e5a09a5 29080->29082 29081 7ff69e571fa0 31 API calls 29084 7ff69e5a0b93 SetEnvironmentVariableW GetLocalTime 29081->29084 29265 7ff69e59cad0 29082->29265 29083->29087 29088 7ff69e583e28 swprintf 46 API calls 29084->29088 29089 7ff69e5a0e34 29085->29089 29087->29081 29091 7ff69e5a0c18 SetEnvironmentVariableW GetModuleHandleW LoadIconW 29088->29091 29090 7ff69e5a09af 29090->29072 29093 7ff69e5a09f9 OpenFileMappingW 29090->29093 29094 7ff69e5a0adb 29090->29094 29297 7ff69e59b014 LoadBitmapW 29091->29297 29095 7ff69e5a0ad0 CloseHandle 29093->29095 29096 7ff69e5a0a19 MapViewOfFile 29093->29096 29100 7ff69e57129c 33 API calls 29094->29100 29095->29074 29096->29095 29098 7ff69e5a0a3f UnmapViewOfFile MapViewOfFile 29096->29098 29098->29095 29101 7ff69e5a0a71 29098->29101 29103 7ff69e5a0b00 29100->29103 29328 7ff69e59a190 33 API calls 2 library calls 29101->29328 29102 7ff69e5a0c75 29321 7ff69e5967b4 29102->29321 29284 7ff69e59fd0c 29103->29284 29107 7ff69e5a0a81 29110 7ff69e59fd0c 35 API calls 29107->29110 29112 7ff69e5a0a90 29110->29112 29111 7ff69e5967b4 33 API calls 29113 7ff69e5a0c87 DialogBoxParamW 29111->29113 29329 7ff69e58b9b4 102 API calls 29112->29329 29119 7ff69e5a0cd3 29113->29119 29115 7ff69e5a0dd7 29118 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 29115->29118 29116 7ff69e5a0aa5 29330 7ff69e58bb00 102 API calls 29116->29330 29118->29069 29121 7ff69e5a0ce6 Sleep 29119->29121 29122 7ff69e5a0cec 29119->29122 29120 7ff69e5a0ab8 29124 7ff69e5a0ac7 UnmapViewOfFile 29120->29124 29121->29122 29123 7ff69e5a0cfa 29122->29123 29331 7ff69e599f4c 49 API calls 2 library calls 29122->29331 29126 7ff69e5a0d06 DeleteObject 29123->29126 29124->29095 29127 7ff69e5a0d1f DeleteObject 29126->29127 29128 7ff69e5a0d25 29126->29128 29127->29128 29129 7ff69e5a0d5b 29128->29129 29133 7ff69e5a0d6d 29128->29133 29332 7ff69e59fe24 PeekMessageW GetMessageW TranslateMessage DispatchMessageW WaitForSingleObject 29129->29332 29131 7ff69e5a0d60 CloseHandle 29131->29133 29324 7ff69e5994e4 29133->29324 29137->29028 29140->29022 29141->29026 29143 7ff69e5a281e __scrt_dllmain_crt_thread_attach 29142->29143 29143->29044 29143->29045 29145 7ff69e5b0d4c 29144->29145 29146 7ff69e5a2830 29145->29146 29149 7ff69e5aec00 29145->29149 29146->29044 29148 7ff69e5a51a0 7 API calls 2 library calls 29146->29148 29148->29044 29160 7ff69e5af398 EnterCriticalSection 29149->29160 29162 7ff69e5791c8 35 API calls 29161->29162 29163 7ff69e571130 29162->29163 29166 7ff69e5a29bc 34 API calls 29163->29166 29165 7ff69e5a2a01 29165->29050 29166->29165 29168 7ff69e5b0749 29167->29168 29169 7ff69e5b073d 29167->29169 29168->29060 29172 7ff69e5b0570 48 API calls 4 library calls 29169->29172 29171->29060 29172->29168 29333 7ff69e5a2450 29173->29333 29176 7ff69e58e026 GetProcAddress 29179 7ff69e58e053 GetProcAddress 29176->29179 29180 7ff69e58e03b 29176->29180 29177 7ff69e58e07b 29178 7ff69e58e503 29177->29178 29340 7ff69e5ab788 39 API calls 2 library calls 29177->29340 29182 7ff69e586454 34 API calls 29178->29182 29179->29177 29183 7ff69e58e068 29179->29183 29180->29179 29185 7ff69e58e50c 29182->29185 29183->29177 29184 7ff69e58e3b0 29184->29178 29186 7ff69e58e3ba 29184->29186 29187 7ff69e587df4 47 API calls 29185->29187 29188 7ff69e586454 34 API calls 29186->29188 29214 7ff69e58e51a 29187->29214 29189 7ff69e58e3c3 CreateFileW 29188->29189 29191 7ff69e58e4f0 CloseHandle 29189->29191 29192 7ff69e58e403 SetFilePointer 29189->29192 29194 7ff69e571fa0 31 API calls 29191->29194 29192->29191 29193 7ff69e58e41c ReadFile 29192->29193 29193->29191 29195 7ff69e58e444 29193->29195 29194->29178 29196 7ff69e58e800 29195->29196 29197 7ff69e58e458 29195->29197 29349 7ff69e5a2624 8 API calls 29196->29349 29202 7ff69e57129c 33 API calls 29197->29202 29199 7ff69e58e805 29200 7ff69e58e53e CompareStringW 29200->29214 29201 7ff69e57129c 33 API calls 29201->29214 29207 7ff69e58e48f 29202->29207 29203 7ff69e588090 47 API calls 29203->29214 29205 7ff69e58e63a 29208 7ff69e58e7c2 29205->29208 29209 7ff69e58e648 29205->29209 29206 7ff69e571fa0 31 API calls 29206->29214 29211 7ff69e58e4db 29207->29211 29341 7ff69e58d0a0 29207->29341 29213 7ff69e571fa0 31 API calls 29208->29213 29345 7ff69e587eb0 47 API calls 29209->29345 29210 7ff69e5832bc 51 API calls 29210->29214 29215 7ff69e571fa0 31 API calls 29211->29215 29217 7ff69e58e7cb 29213->29217 29214->29200 29214->29201 29214->29203 29214->29206 29214->29210 29235 7ff69e58e5cc 29214->29235 29335 7ff69e5851a4 29214->29335 29218 7ff69e58e4e5 29215->29218 29216 7ff69e58e651 29219 7ff69e5851a4 9 API calls 29216->29219 29221 7ff69e571fa0 31 API calls 29217->29221 29222 7ff69e571fa0 31 API calls 29218->29222 29223 7ff69e58e656 29219->29223 29220 7ff69e57129c 33 API calls 29220->29235 29224 7ff69e58e7d5 29221->29224 29222->29191 29225 7ff69e58e706 29223->29225 29232 7ff69e58e661 29223->29232 29227 7ff69e5a2320 _handle_error 8 API calls 29224->29227 29229 7ff69e58da98 48 API calls 29225->29229 29226 7ff69e588090 47 API calls 29226->29235 29228 7ff69e58e7e4 29227->29228 29228->29064 29230 7ff69e58e74b AllocConsole 29229->29230 29233 7ff69e58e6fb 29230->29233 29234 7ff69e58e755 GetCurrentProcessId AttachConsole 29230->29234 29231 7ff69e571fa0 31 API calls 29231->29235 29238 7ff69e58aae0 48 API calls 29232->29238 29348 7ff69e5719e0 31 API calls _invalid_parameter_noinfo_noreturn 29233->29348 29236 7ff69e58e76c 29234->29236 29235->29205 29235->29220 29235->29226 29235->29231 29237 7ff69e5832bc 51 API calls 29235->29237 29243 7ff69e58e778 GetStdHandle WriteConsoleW Sleep FreeConsole 29236->29243 29237->29235 29240 7ff69e58e6a5 29238->29240 29242 7ff69e58da98 48 API calls 29240->29242 29241 7ff69e58e7b9 ExitProcess 29244 7ff69e58e6c3 29242->29244 29243->29233 29245 7ff69e58aae0 48 API calls 29244->29245 29246 7ff69e58e6ce 29245->29246 29346 7ff69e58dc2c 33 API calls 29246->29346 29248 7ff69e58e6da 29347 7ff69e5719e0 31 API calls _invalid_parameter_noinfo_noreturn 29248->29347 29251 7ff69e58dd88 29250->29251 29252 7ff69e599481 OleInitialize 29251->29252 29253 7ff69e5994a7 29252->29253 29254 7ff69e5994cd SHGetMalloc 29253->29254 29254->29067 29256 7ff69e599a49 29255->29256 29258 7ff69e599a4e memcpy_s 29255->29258 29257 7ff69e571fa0 31 API calls 29256->29257 29257->29258 29259 7ff69e571fa0 31 API calls 29258->29259 29261 7ff69e599a7d memcpy_s 29258->29261 29259->29261 29260 7ff69e571fa0 31 API calls 29262 7ff69e599aac memcpy_s 29260->29262 29261->29260 29261->29262 29263 7ff69e571fa0 31 API calls 29262->29263 29264 7ff69e599adb memcpy_s 29262->29264 29263->29264 29264->29075 29266 7ff69e58d0a0 33 API calls 29265->29266 29282 7ff69e59cb1f memcpy_s 29266->29282 29267 7ff69e59cd8b 29268 7ff69e59cdbe 29267->29268 29270 7ff69e59cde4 29267->29270 29269 7ff69e5a2320 _handle_error 8 API calls 29268->29269 29271 7ff69e59cdcf 29269->29271 29273 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 29270->29273 29271->29090 29272 7ff69e58d0a0 33 API calls 29272->29282 29274 7ff69e59cde9 29273->29274 29351 7ff69e57704c 47 API calls memcpy_s 29274->29351 29275 7ff69e59cdef 29352 7ff69e57704c 47 API calls memcpy_s 29275->29352 29279 7ff69e59cdf5 29280 7ff69e5913b8 CharUpperW 29280->29282 29281 7ff69e571fa0 31 API calls 29281->29282 29282->29267 29282->29270 29282->29272 29282->29274 29282->29275 29282->29280 29282->29281 29283 7ff69e57129c 33 API calls 29282->29283 29350 7ff69e58bb00 102 API calls 29282->29350 29283->29282 29285 7ff69e59fd39 29284->29285 29286 7ff69e59fd3c SetEnvironmentVariableW 29284->29286 29285->29286 29287 7ff69e58d0a0 33 API calls 29286->29287 29294 7ff69e59fd74 29287->29294 29288 7ff69e59fdc3 29290 7ff69e59fdfa 29288->29290 29292 7ff69e59fe1b 29288->29292 29289 7ff69e5a2320 _handle_error 8 API calls 29291 7ff69e59fe0b 29289->29291 29290->29289 29291->29074 29291->29115 29293 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 29292->29293 29295 7ff69e59fe20 29293->29295 29294->29288 29296 7ff69e59fdad SetEnvironmentVariableW 29294->29296 29296->29288 29298 7ff69e59b03e 29297->29298 29299 7ff69e59b046 29297->29299 29353 7ff69e598624 FindResourceExW 29298->29353 29301 7ff69e59b04e GetObjectW 29299->29301 29302 7ff69e59b063 29299->29302 29301->29302 29303 7ff69e59849c 4 API calls 29302->29303 29304 7ff69e59b078 29303->29304 29305 7ff69e59b0ce 29304->29305 29306 7ff69e59b09e 29304->29306 29307 7ff69e598624 11 API calls 29304->29307 29316 7ff69e5898ac 29305->29316 29368 7ff69e598504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 29306->29368 29309 7ff69e59b08a 29307->29309 29309->29306 29311 7ff69e59b092 DeleteObject 29309->29311 29310 7ff69e59b0a7 29312 7ff69e5984cc 4 API calls 29310->29312 29311->29306 29313 7ff69e59b0b2 29312->29313 29369 7ff69e598df4 16 API calls _handle_error 29313->29369 29315 7ff69e59b0bf DeleteObject 29315->29305 29370 7ff69e5898dc 29316->29370 29318 7ff69e5898ba 29437 7ff69e58a43c GetModuleHandleW FindResourceW 29318->29437 29320 7ff69e5898c2 29320->29102 29322 7ff69e5a21d0 33 API calls 29321->29322 29323 7ff69e5967fa 29322->29323 29323->29111 29325 7ff69e599501 29324->29325 29326 7ff69e59950a OleUninitialize 29325->29326 29327 7ff69e5de330 29326->29327 29328->29107 29329->29116 29330->29120 29331->29123 29332->29131 29334 7ff69e58dff4 GetModuleHandleW 29333->29334 29334->29176 29334->29177 29336 7ff69e5851c8 GetVersionExW 29335->29336 29337 7ff69e5851fb 29335->29337 29336->29337 29338 7ff69e5a2320 _handle_error 8 API calls 29337->29338 29339 7ff69e585228 29338->29339 29339->29214 29340->29184 29343 7ff69e58d0d2 29341->29343 29342 7ff69e58d106 29342->29207 29343->29342 29344 7ff69e571744 33 API calls 29343->29344 29344->29343 29345->29216 29346->29248 29347->29233 29348->29241 29349->29199 29350->29282 29351->29275 29352->29279 29354 7ff69e59864f SizeofResource 29353->29354 29355 7ff69e59879b 29353->29355 29354->29355 29356 7ff69e598669 LoadResource 29354->29356 29355->29299 29356->29355 29357 7ff69e598682 LockResource 29356->29357 29357->29355 29358 7ff69e598697 GlobalAlloc 29357->29358 29358->29355 29359 7ff69e5986b8 GlobalLock 29358->29359 29360 7ff69e598792 GlobalFree 29359->29360 29361 7ff69e5986ca memcpy_s 29359->29361 29360->29355 29362 7ff69e5986d8 CreateStreamOnHGlobal 29361->29362 29363 7ff69e5986f6 GdipAlloc 29362->29363 29364 7ff69e598789 GlobalUnlock 29362->29364 29365 7ff69e59870b 29363->29365 29364->29360 29365->29364 29366 7ff69e598772 29365->29366 29367 7ff69e59875a GdipCreateHBITMAPFromBitmap 29365->29367 29366->29364 29367->29366 29368->29310 29369->29315 29373 7ff69e5898fe _snwprintf 29370->29373 29371 7ff69e589973 29447 7ff69e5868b0 48 API calls 29371->29447 29373->29371 29375 7ff69e589a89 29373->29375 29374 7ff69e571fa0 31 API calls 29377 7ff69e5899fd 29374->29377 29375->29377 29380 7ff69e5720b0 33 API calls 29375->29380 29376 7ff69e58997d memcpy_s 29376->29374 29378 7ff69e58a42e 29376->29378 29382 7ff69e5824c0 54 API calls 29377->29382 29379 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 29378->29379 29381 7ff69e58a434 29379->29381 29380->29377 29385 7ff69e5a7904 _invalid_parameter_noinfo_noreturn 31 API calls 29381->29385 29383 7ff69e589a1a 29382->29383 29384 7ff69e589a22 29383->29384 29392 7ff69e589aad 29383->29392 29386 7ff69e58204c 100 API calls 29384->29386 29388 7ff69e58a43a 29385->29388 29389 7ff69e589a2b 29386->29389 29387 7ff69e589b17 29439 7ff69e5aa450 29387->29439 29389->29381 29391 7ff69e589a66 29389->29391 29396 7ff69e5a2320 _handle_error 8 API calls 29391->29396 29392->29387 29393 7ff69e588e58 33 API calls 29392->29393 29393->29392 29395 7ff69e5aa450 31 API calls 29408 7ff69e589b57 __vcrt_InitializeCriticalSectionEx 29395->29408 29397 7ff69e58a40e 29396->29397 29397->29318 29398 7ff69e589c89 29400 7ff69e582aa0 101 API calls 29398->29400 29411 7ff69e589d5c 29398->29411 29399 7ff69e582bb0 101 API calls 29399->29408 29402 7ff69e589ca1 29400->29402 29401 7ff69e5828d0 104 API calls 29401->29408 29403 7ff69e5828d0 104 API calls 29402->29403 29402->29411 29409 7ff69e589cc9 29403->29409 29404 7ff69e58204c 100 API calls 29406 7ff69e58a3f5 29404->29406 29405 7ff69e582aa0 101 API calls 29405->29408 29407 7ff69e571fa0 31 API calls 29406->29407 29407->29391 29408->29398 29408->29399 29408->29401 29408->29405 29408->29411 29409->29411 29431 7ff69e589cd7 __vcrt_InitializeCriticalSectionEx 29409->29431 29448 7ff69e590bbc MultiByteToWideChar 29409->29448 29411->29404 29412 7ff69e58a1ec 29424 7ff69e58a2c2 29412->29424 29454 7ff69e5acf90 31 API calls 2 library calls 29412->29454 29414 7ff69e58a157 29414->29412 29451 7ff69e5acf90 31 API calls 2 library calls 29414->29451 29417 7ff69e58a14b 29417->29318 29418 7ff69e58a2ae 29418->29424 29456 7ff69e588cd0 33 API calls 2 library calls 29418->29456 29419 7ff69e58a3a2 29421 7ff69e5aa450 31 API calls 29419->29421 29420 7ff69e58a249 29455 7ff69e5ab7bc 31 API calls _invalid_parameter_noinfo_noreturn 29420->29455 29423 7ff69e58a3cb 29421->29423 29426 7ff69e5aa450 31 API calls 29423->29426 29424->29419 29428 7ff69e588e58 33 API calls 29424->29428 29425 7ff69e58a16d 29452 7ff69e5ab7bc 31 API calls _invalid_parameter_noinfo_noreturn 29425->29452 29426->29411 29428->29424 29429 7ff69e58a1d8 29429->29412 29453 7ff69e588cd0 33 API calls 2 library calls 29429->29453 29431->29411 29431->29412 29431->29414 29431->29417 29432 7ff69e58a429 29431->29432 29434 7ff69e590f68 WideCharToMultiByte 29431->29434 29449 7ff69e58aa88 45 API calls 2 library calls 29431->29449 29450 7ff69e5aa270 31 API calls 2 library calls 29431->29450 29457 7ff69e5a2624 8 API calls 29432->29457 29434->29431 29438 7ff69e58a468 29437->29438 29438->29320 29440 7ff69e5aa47d 29439->29440 29446 7ff69e5aa492 29440->29446 29458 7ff69e5ad69c 15 API calls _set_errno_from_matherr 29440->29458 29442 7ff69e5aa487 29459 7ff69e5a78e4 31 API calls _invalid_parameter_noinfo_noreturn 29442->29459 29443 7ff69e5a2320 _handle_error 8 API calls 29445 7ff69e589b37 29443->29445 29445->29395 29446->29443 29447->29376 29448->29431 29449->29431 29450->29431 29451->29425 29452->29429 29453->29412 29454->29420 29455->29418 29456->29424 29457->29378 29458->29442 29459->29446

                                                                                                  Executed Functions

                                                                                                  Function 00007FF69E59B190 Relevance: 123.9, APIs: 60, Strings: 10, Instructions: 1421windowfilesleepCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Item$Message$_invalid_parameter_noinfo_noreturn$Send$DialogText$File$ErrorLast$CloseFindFocusLoadStringViewWindow$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleLineMappingParamShellSleepTickTranslateUnmap
                                                                                                  • String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
                                                                                                  • API String ID: 255727823-2702805183
                                                                                                  • Opcode ID: 72cfb2ad78d0d9446a3cab55664ab3f843447492cfe0ed25f3b642488b1e3680
                                                                                                  • Instruction ID: ad465e65330ef3900582886a51f03f93ae4ec9fd03a633463eff095fc382ef99
                                                                                                  • Opcode Fuzzy Hash: 72cfb2ad78d0d9446a3cab55664ab3f843447492cfe0ed25f3b642488b1e3680
                                                                                                  • Instruction Fuzzy Hash: 1CD2B461E1868241FA70DB25E8F42F96361EFA5780F8041B6F94DC76A6DF3EE584C720
                                                                                                  Function 00007FF69E59CE88 Relevance: 65.0, APIs: 26, Strings: 10, Instructions: 1963windowfileCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$FileMessageMoveSend$DialogItemPathTemp
                                                                                                  • String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
                                                                                                  • API String ID: 3007431893-3916287355
                                                                                                  • Opcode ID: 00a9634cf1621ffdf9648ab056032cbdcf5fe38b242edf5d97e187864c5a1c60
                                                                                                  • Instruction ID: c7d6a107ca3d8d911c0c3a8a824fbe7449fa7c717701805ca84092b91fe7f647
                                                                                                  • Opcode Fuzzy Hash: 00a9634cf1621ffdf9648ab056032cbdcf5fe38b242edf5d97e187864c5a1c60
                                                                                                  • Instruction Fuzzy Hash: CD13C472B0478285EB20DF64D8E02EC27B1FB60398F904576EA1D97AD9DF3AD594C360
                                                                                                  Function 00007FF69E5A0754 Relevance: 45.9, APIs: 21, Strings: 5, Instructions: 380filesleeptimeCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 1466 7ff69e5a0754-7ff69e5a0829 call 7ff69e58dfd0 call 7ff69e5862dc call 7ff69e59946c call 7ff69e5a3cf0 call 7ff69e599a14 1477 7ff69e5a0860-7ff69e5a0883 1466->1477 1478 7ff69e5a082b-7ff69e5a0840 1466->1478 1481 7ff69e5a0885-7ff69e5a089a 1477->1481 1482 7ff69e5a08ba-7ff69e5a08dd 1477->1482 1479 7ff69e5a0842-7ff69e5a0855 1478->1479 1480 7ff69e5a085b call 7ff69e5a220c 1478->1480 1479->1480 1483 7ff69e5a0ddd-7ff69e5a0de2 call 7ff69e5a7904 1479->1483 1480->1477 1485 7ff69e5a08b5 call 7ff69e5a220c 1481->1485 1486 7ff69e5a089c-7ff69e5a08af 1481->1486 1487 7ff69e5a08df-7ff69e5a08f4 1482->1487 1488 7ff69e5a0914-7ff69e5a0937 1482->1488 1502 7ff69e5a0de3-7ff69e5a0e2f call 7ff69e5a7904 call 7ff69e5a1900 1483->1502 1485->1482 1486->1483 1486->1485 1491 7ff69e5a090f call 7ff69e5a220c 1487->1491 1492 7ff69e5a08f6-7ff69e5a0909 1487->1492 1493 7ff69e5a096e-7ff69e5a097a GetCommandLineW 1488->1493 1494 7ff69e5a0939-7ff69e5a094e 1488->1494 1491->1488 1492->1483 1492->1491 1496 7ff69e5a0980-7ff69e5a09b7 call 7ff69e5a797c call 7ff69e57129c call 7ff69e59cad0 1493->1496 1497 7ff69e5a0b47-7ff69e5a0b5e call 7ff69e586454 1493->1497 1499 7ff69e5a0950-7ff69e5a0963 1494->1499 1500 7ff69e5a0969 call 7ff69e5a220c 1494->1500 1527 7ff69e5a09b9-7ff69e5a09cc 1496->1527 1528 7ff69e5a09ec-7ff69e5a09f3 1496->1528 1510 7ff69e5a0b60-7ff69e5a0b85 call 7ff69e571fa0 call 7ff69e5a3640 1497->1510 1511 7ff69e5a0b89-7ff69e5a0ce4 call 7ff69e571fa0 SetEnvironmentVariableW GetLocalTime call 7ff69e583e28 SetEnvironmentVariableW GetModuleHandleW LoadIconW call 7ff69e59b014 call 7ff69e5898ac call 7ff69e5967b4 * 2 DialogBoxParamW call 7ff69e5968a8 * 2 1497->1511 1499->1483 1499->1500 1500->1493 1521 7ff69e5a0e34-7ff69e5a0e6a 1502->1521 1510->1511 1571 7ff69e5a0ce6 Sleep 1511->1571 1572 7ff69e5a0cec-7ff69e5a0cf3 1511->1572 1526 7ff69e5a0e6c 1521->1526 1526->1526 1530 7ff69e5a09ce-7ff69e5a09e1 1527->1530 1531 7ff69e5a09e7 call 7ff69e5a220c 1527->1531 1532 7ff69e5a09f9-7ff69e5a0a13 OpenFileMappingW 1528->1532 1533 7ff69e5a0adb-7ff69e5a0b05 call 7ff69e5a797c call 7ff69e57129c call 7ff69e59fd0c 1528->1533 1530->1502 1530->1531 1531->1528 1534 7ff69e5a0ad0-7ff69e5a0ad9 CloseHandle 1532->1534 1535 7ff69e5a0a19-7ff69e5a0a39 MapViewOfFile 1532->1535 1551 7ff69e5a0b0a-7ff69e5a0b12 1533->1551 1534->1497 1535->1534 1540 7ff69e5a0a3f-7ff69e5a0a6f UnmapViewOfFile MapViewOfFile 1535->1540 1540->1534 1543 7ff69e5a0a71-7ff69e5a0aca call 7ff69e59a190 call 7ff69e59fd0c call 7ff69e58b9b4 call 7ff69e58bb00 call 7ff69e58bb70 UnmapViewOfFile 1540->1543 1543->1534 1551->1497 1554 7ff69e5a0b14-7ff69e5a0b27 1551->1554 1557 7ff69e5a0b42 call 7ff69e5a220c 1554->1557 1558 7ff69e5a0b29-7ff69e5a0b3c 1554->1558 1557->1497 1558->1557 1561 7ff69e5a0dd7-7ff69e5a0ddc call 7ff69e5a7904 1558->1561 1561->1483 1571->1572 1574 7ff69e5a0cf5 call 7ff69e599f4c 1572->1574 1575 7ff69e5a0cfa-7ff69e5a0d1d call 7ff69e58b8e0 DeleteObject 1572->1575 1574->1575 1580 7ff69e5a0d1f DeleteObject 1575->1580 1581 7ff69e5a0d25-7ff69e5a0d2c 1575->1581 1580->1581 1582 7ff69e5a0d2e-7ff69e5a0d35 1581->1582 1583 7ff69e5a0d48-7ff69e5a0d59 1581->1583 1582->1583 1584 7ff69e5a0d37-7ff69e5a0d43 call 7ff69e57ba0c 1582->1584 1585 7ff69e5a0d5b-7ff69e5a0d67 call 7ff69e59fe24 CloseHandle 1583->1585 1586 7ff69e5a0d6d-7ff69e5a0d7a 1583->1586 1584->1583 1585->1586 1588 7ff69e5a0d9f-7ff69e5a0da4 call 7ff69e5994e4 1586->1588 1589 7ff69e5a0d7c-7ff69e5a0d89 1586->1589 1597 7ff69e5a0da9-7ff69e5a0dd6 call 7ff69e5a2320 1588->1597 1592 7ff69e5a0d99-7ff69e5a0d9b 1589->1592 1593 7ff69e5a0d8b-7ff69e5a0d93 1589->1593 1592->1588 1596 7ff69e5a0d9d 1592->1596 1593->1588 1595 7ff69e5a0d95-7ff69e5a0d97 1593->1595 1595->1588 1596->1588
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDeleteDirectoryModuleObjectProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
                                                                                                  • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                  • API String ID: 1048086575-3710569615
                                                                                                  • Opcode ID: cf857dfdb846402a04b639880a0f56ecddc48e970ed32f05d0be7d60c6edf358
                                                                                                  • Instruction ID: c2f638f211bc77f5517aee6f0c69c11b6af424c68be61404b925d3268df3350c
                                                                                                  • Opcode Fuzzy Hash: cf857dfdb846402a04b639880a0f56ecddc48e970ed32f05d0be7d60c6edf358
                                                                                                  • Instruction Fuzzy Hash: 96127A61E18B8286EB30DB24E8E52B96361FFA5794F404171FA5D87AA5DF3EE140C730
                                                                                                  Function 00007FF69E58A4AC Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 250COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWideswprintf
                                                                                                  • String ID: $%s:$CAPTION
                                                                                                  • API String ID: 2100155373-404845831
                                                                                                  • Opcode ID: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                                                                  • Instruction ID: c70d2d0d6fe89fc610e3afb11eb3c170bd6dc5d059035d195f03bc08abeaad96
                                                                                                  • Opcode Fuzzy Hash: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                                                                  • Instruction Fuzzy Hash: 1E912B32B2864186E764DF39E89066977A0FB94784F405436FE4D97B58DF3DE805CB10
                                                                                                  Function 00007FF69E598624 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 101memorywindowCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                                  • String ID: PNG
                                                                                                  • API String ID: 211097158-364855578
                                                                                                  • Opcode ID: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                                                                  • Instruction ID: 0c6ebcb8a309d08aceffaec00ea1d6e4210a68eaaeed653b13d4348bd8d3e756
                                                                                                  • Opcode Fuzzy Hash: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                                                                  • Instruction Fuzzy Hash: C3414365E09B0691EF249B16D4A437963A0EF98B90F484475EE0DC7364EF7EE448C320
                                                                                                  Function 00007FF69E57F930 Relevance: 17.2, APIs: 8, Strings: 1, Instructions: 1417COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: __tmp_reference_source_
                                                                                                  • API String ID: 3668304517-685763994
                                                                                                  • Opcode ID: 0b103013559008ad7c4ced657c1ca4236a45656b3d3cf544ff6173fbd4f8462d
                                                                                                  • Instruction ID: dfa1e3a5447c36f11cc1008ae0a5feb575c4ac646c7f4d127f9ceb85a48b484d
                                                                                                  • Opcode Fuzzy Hash: 0b103013559008ad7c4ced657c1ca4236a45656b3d3cf544ff6173fbd4f8462d
                                                                                                  • Instruction Fuzzy Hash: 71E2B962A186C292FA74CB25E1E03FE6761FBA1750F404172EB9D836A5CF3EE455C720
                                                                                                  Function 00007FF69E574840 Relevance: 12.1, APIs: 5, Strings: 1, Instructions: 1624COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: CMT
                                                                                                  • API String ID: 3668304517-2756464174
                                                                                                  • Opcode ID: 55bf8bc242d77ff464b4b637a4409c1e03917795df1080568c491ddd117196ec
                                                                                                  • Instruction ID: f9f151a13a119c8a6dba104908fe026334f7671b0a2992d5b0e325e77caa733f
                                                                                                  • Opcode Fuzzy Hash: 55bf8bc242d77ff464b4b637a4409c1e03917795df1080568c491ddd117196ec
                                                                                                  • Instruction Fuzzy Hash: 74E21462B1868296EB34DB75D4A02FD67A1FB64384F408075EB5E83792DF3EE464C320
                                                                                                  Function 00007FF69E5840BC Relevance: 10.7, APIs: 7, Instructions: 153fileCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 3768 7ff69e5840bc-7ff69e5840f3 3769 7ff69e5840f9-7ff69e584101 3768->3769 3770 7ff69e5841d2-7ff69e5841df FindNextFileW 3768->3770 3771 7ff69e584106-7ff69e584118 FindFirstFileW 3769->3771 3772 7ff69e584103 3769->3772 3773 7ff69e5841f3-7ff69e5841f6 3770->3773 3774 7ff69e5841e1-7ff69e5841f1 GetLastError 3770->3774 3771->3773 3775 7ff69e58411e-7ff69e584146 call 7ff69e586a0c 3771->3775 3772->3771 3777 7ff69e5841f8-7ff69e584200 3773->3777 3778 7ff69e584211-7ff69e584253 call 7ff69e5a797c call 7ff69e57129c call 7ff69e588090 3773->3778 3776 7ff69e5841ca-7ff69e5841cd 3774->3776 3788 7ff69e584148-7ff69e584164 FindFirstFileW 3775->3788 3789 7ff69e584167-7ff69e584170 3775->3789 3779 7ff69e5842eb-7ff69e58430e call 7ff69e5a2320 3776->3779 3781 7ff69e584205-7ff69e58420c call 7ff69e5720b0 3777->3781 3782 7ff69e584202 3777->3782 3804 7ff69e58428c-7ff69e5842e6 call 7ff69e58f168 * 3 3778->3804 3805 7ff69e584255-7ff69e58426c 3778->3805 3781->3778 3782->3781 3788->3789 3792 7ff69e5841a9-7ff69e5841ad 3789->3792 3793 7ff69e584172-7ff69e584189 3789->3793 3792->3773 3795 7ff69e5841af-7ff69e5841be GetLastError 3792->3795 3797 7ff69e58418b-7ff69e58419e 3793->3797 3798 7ff69e5841a4 call 7ff69e5a220c 3793->3798 3799 7ff69e5841c8 3795->3799 3800 7ff69e5841c0-7ff69e5841c6 3795->3800 3797->3798 3802 7ff69e584315-7ff69e58431b call 7ff69e5a7904 3797->3802 3798->3792 3799->3776 3800->3776 3800->3799 3804->3779 3807 7ff69e584287 call 7ff69e5a220c 3805->3807 3808 7ff69e58426e-7ff69e584281 3805->3808 3807->3804 3808->3807 3811 7ff69e58430f-7ff69e584314 call 7ff69e5a7904 3808->3811 3811->3802
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
                                                                                                  • String ID:
                                                                                                  • API String ID: 474548282-0
                                                                                                  • Opcode ID: 66fe9aa60096915ead2717382f71102c76cb13127cdb9d07ef3d60804a2b80c6
                                                                                                  • Instruction ID: 52dc0fafe7152f31208cca3af862323a708b63f894b6b1fda14d587faf33e2e5
                                                                                                  • Opcode Fuzzy Hash: 66fe9aa60096915ead2717382f71102c76cb13127cdb9d07ef3d60804a2b80c6
                                                                                                  • Instruction Fuzzy Hash: E061C562A18A4681EA20DB28E8E027D6361FBA57B4F105371FEBD836D9DF3DD944C710
                                                                                                  Function 00007FF69E575E24 Relevance: 7.6, APIs: 3, Strings: 1, Instructions: 586COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: CMT
                                                                                                  • API String ID: 0-2756464174
                                                                                                  • Opcode ID: bb8f32dfb39c41a2f4cffe25f113d86e3364d78267da2167cd0a984ef8db8d77
                                                                                                  • Instruction ID: eef4a6a49d82507874d5d52cb340b2bdb10feccdc7dea02e779e8f970c8dbcee
                                                                                                  • Opcode Fuzzy Hash: bb8f32dfb39c41a2f4cffe25f113d86e3364d78267da2167cd0a984ef8db8d77
                                                                                                  • Instruction Fuzzy Hash: 6D42E462B086819BEB38DB74C1A02FD77A1EB21344F404176EB5ED3696DF7AE528C310
                                                                                                  Function 00007FF69E591F20 Relevance: .3, Instructions: 337COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0a42af491d0f316df573d8ea8d59481ea3cca52ac339acf3c7ff9db876b099fa
                                                                                                  • Instruction ID: 3d40b89f4e1ec9898deaecefbb86ddcb7ad8f97586f38fa8aebfe5cbf591dcf4
                                                                                                  • Opcode Fuzzy Hash: 0a42af491d0f316df573d8ea8d59481ea3cca52ac339acf3c7ff9db876b099fa
                                                                                                  • Instruction Fuzzy Hash: D0E104A2A082828AEB74CF28A0E42BD7791FB64748F454175EB4EC7785DF3EED418714
                                                                                                  Function 00007FF69E593484 Relevance: .3, Instructions: 302COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8c3f9089be966249862bf56ce032710d6eb03eb50aa34be6e58aa05575d530c2
                                                                                                  • Instruction ID: c937213a8fcd8dfea2fcc8957d30832fd2499df23e767a0027f67d184f388c47
                                                                                                  • Opcode Fuzzy Hash: 8c3f9089be966249862bf56ce032710d6eb03eb50aa34be6e58aa05575d530c2
                                                                                                  • Instruction Fuzzy Hash: FAB1EFA2B05AC992DE28CB66D6586E9A391F714FC4F888032EE0D8B742DF3DE155C310
                                                                                                  Function 00007FF69E584928 Relevance: .1, Instructions: 136COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                  • String ID:
                                                                                                  • API String ID: 3340455307-0
                                                                                                  • Opcode ID: d99ac025a94b608eca77987ee7e6c376c25c1b26fb53395ef183edcb2a2d0eda
                                                                                                  • Instruction ID: dc8a8a1bf0ea5ce9d34358b76e8768a7d67da50280bda9fb6b192ff4f39c8bbd
                                                                                                  • Opcode Fuzzy Hash: d99ac025a94b608eca77987ee7e6c376c25c1b26fb53395ef183edcb2a2d0eda
                                                                                                  • Instruction Fuzzy Hash: 97412822B2566286FB74DF22A9A177A2253FBE4784F048031EE4D87794DE3DE842C714
                                                                                                  Function 00007FF69E58DFD0 Relevance: 143.9, APIs: 16, Strings: 66, Instructions: 440libraryfileloaderCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 0 7ff69e58dfd0-7ff69e58e024 call 7ff69e5a2450 GetModuleHandleW 3 7ff69e58e026-7ff69e58e039 GetProcAddress 0->3 4 7ff69e58e07b-7ff69e58e3a5 0->4 7 7ff69e58e053-7ff69e58e066 GetProcAddress 3->7 8 7ff69e58e03b-7ff69e58e04a 3->8 5 7ff69e58e503-7ff69e58e521 call 7ff69e586454 call 7ff69e587df4 4->5 6 7ff69e58e3ab-7ff69e58e3b4 call 7ff69e5ab788 4->6 19 7ff69e58e525-7ff69e58e52f call 7ff69e5851a4 5->19 6->5 15 7ff69e58e3ba-7ff69e58e3fd call 7ff69e586454 CreateFileW 6->15 7->4 11 7ff69e58e068-7ff69e58e078 7->11 8->7 11->4 22 7ff69e58e4f0-7ff69e58e4fe CloseHandle call 7ff69e571fa0 15->22 23 7ff69e58e403-7ff69e58e416 SetFilePointer 15->23 27 7ff69e58e531-7ff69e58e53c call 7ff69e58dd88 19->27 28 7ff69e58e564-7ff69e58e5ac call 7ff69e5a797c call 7ff69e57129c call 7ff69e588090 call 7ff69e571fa0 call 7ff69e5832bc 19->28 22->5 23->22 25 7ff69e58e41c-7ff69e58e43e ReadFile 23->25 25->22 29 7ff69e58e444-7ff69e58e452 25->29 27->28 39 7ff69e58e53e-7ff69e58e562 CompareStringW 27->39 66 7ff69e58e5b1-7ff69e58e5b4 28->66 32 7ff69e58e800-7ff69e58e807 call 7ff69e5a2624 29->32 33 7ff69e58e458-7ff69e58e4ac call 7ff69e5a797c call 7ff69e57129c 29->33 48 7ff69e58e4c3-7ff69e58e4d9 call 7ff69e58d0a0 33->48 39->28 42 7ff69e58e5bd-7ff69e58e5c6 39->42 42->19 46 7ff69e58e5cc 42->46 49 7ff69e58e5d1-7ff69e58e5d4 46->49 61 7ff69e58e4ae-7ff69e58e4be call 7ff69e58dd88 48->61 62 7ff69e58e4db-7ff69e58e4eb call 7ff69e571fa0 * 2 48->62 52 7ff69e58e63f-7ff69e58e642 49->52 53 7ff69e58e5d6-7ff69e58e5d9 49->53 57 7ff69e58e7c2-7ff69e58e7ff call 7ff69e571fa0 * 2 call 7ff69e5a2320 52->57 58 7ff69e58e648-7ff69e58e65b call 7ff69e587eb0 call 7ff69e5851a4 52->58 59 7ff69e58e5dd-7ff69e58e62d call 7ff69e5a797c call 7ff69e57129c call 7ff69e588090 call 7ff69e571fa0 call 7ff69e5832bc 53->59 82 7ff69e58e661-7ff69e58e701 call 7ff69e58dd88 * 2 call 7ff69e58aae0 call 7ff69e58da98 call 7ff69e58aae0 call 7ff69e58dc2c call 7ff69e5987ac call 7ff69e5719e0 58->82 83 7ff69e58e706-7ff69e58e753 call 7ff69e58da98 AllocConsole 58->83 107 7ff69e58e62f-7ff69e58e638 59->107 108 7ff69e58e63c 59->108 61->48 62->22 72 7ff69e58e5ce 66->72 73 7ff69e58e5b6 66->73 72->49 73->42 100 7ff69e58e7b4-7ff69e58e7bb call 7ff69e5719e0 ExitProcess 82->100 94 7ff69e58e7b0 83->94 95 7ff69e58e755-7ff69e58e7aa GetCurrentProcessId AttachConsole call 7ff69e58e868 call 7ff69e58e858 GetStdHandle WriteConsoleW Sleep FreeConsole 83->95 94->100 95->94 107->59 112 7ff69e58e63a 107->112 108->52 112->52
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
                                                                                                  • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                                                                  • API String ID: 1496594111-2013832382
                                                                                                  • Opcode ID: 34802ec4308bac0a765840d4883717106c0f60697b5732dd1b55c612bebcfb11
                                                                                                  • Instruction ID: f116dc7c63ae195f0edb1da7da3842ed62430266978b8e3cfc1e5e0dc654c95f
                                                                                                  • Opcode Fuzzy Hash: 34802ec4308bac0a765840d4883717106c0f60697b5732dd1b55c612bebcfb11
                                                                                                  • Instruction Fuzzy Hash: A1323C31E19B8295EB318F20E8A01E933B4FF65354F544276EA4D867A9EF3ED254C360
                                                                                                  Function 00007FF69E5898DC Relevance: 25.2, APIs: 3, Strings: 11, Instructions: 702COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF69E588E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF69E588F8D
                                                                                                  • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF69E589F75
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF69E58A42F
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF69E58A435
                                                                                                    • Part of subcall function 00007FF69E590BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF69E590B44), ref: 00007FF69E590BE9
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
                                                                                                  • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                                                  • API String ID: 3629253777-3268106645
                                                                                                  • Opcode ID: eada48ccb5f4113e0e5189e729fba0886f28cfa8a9499ddc0ab41924688ab6bf
                                                                                                  • Instruction ID: a958045f04200e3f3538cd48bbc09e83e768f48551f2c12af3d02e218092abfd
                                                                                                  • Opcode Fuzzy Hash: eada48ccb5f4113e0e5189e729fba0886f28cfa8a9499ddc0ab41924688ab6bf
                                                                                                  • Instruction Fuzzy Hash: EB62C222B2968295EB70DB24C4E42BD3365FB64784F804171FA4E876DAEF3EE544C360
                                                                                                  Function 00007FF69E5A1900 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 195libraryCOMMONLIBRARYCODE
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 1910 7ff69e5a1900-7ff69e5a1989 call 7ff69e5a1558 1913 7ff69e5a19b4-7ff69e5a19d1 1910->1913 1914 7ff69e5a198b-7ff69e5a19af call 7ff69e5a1868 RaiseException 1910->1914 1916 7ff69e5a19d3-7ff69e5a19e4 1913->1916 1917 7ff69e5a19e6-7ff69e5a19ea 1913->1917 1920 7ff69e5a1bb8-7ff69e5a1bd5 1914->1920 1919 7ff69e5a19ed-7ff69e5a19f9 1916->1919 1917->1919 1921 7ff69e5a19fb-7ff69e5a1a0d 1919->1921 1922 7ff69e5a1a1a-7ff69e5a1a1d 1919->1922 1930 7ff69e5a1a13 1921->1930 1931 7ff69e5a1b89-7ff69e5a1b93 1921->1931 1923 7ff69e5a1a23-7ff69e5a1a26 1922->1923 1924 7ff69e5a1ac4-7ff69e5a1acb 1922->1924 1927 7ff69e5a1a28-7ff69e5a1a3b 1923->1927 1928 7ff69e5a1a3d-7ff69e5a1a52 LoadLibraryExA 1923->1928 1925 7ff69e5a1adf-7ff69e5a1ae2 1924->1925 1926 7ff69e5a1acd-7ff69e5a1adc 1924->1926 1932 7ff69e5a1b85 1925->1932 1933 7ff69e5a1ae8-7ff69e5a1aec 1925->1933 1926->1925 1927->1928 1935 7ff69e5a1aa9-7ff69e5a1ab2 1927->1935 1934 7ff69e5a1a54-7ff69e5a1a67 GetLastError 1928->1934 1928->1935 1930->1922 1940 7ff69e5a1bb0 call 7ff69e5a1868 1931->1940 1941 7ff69e5a1b95-7ff69e5a1ba6 1931->1941 1932->1931 1938 7ff69e5a1aee-7ff69e5a1af2 1933->1938 1939 7ff69e5a1b1b-7ff69e5a1b2e GetProcAddress 1933->1939 1942 7ff69e5a1a7e-7ff69e5a1aa4 call 7ff69e5a1868 RaiseException 1934->1942 1943 7ff69e5a1a69-7ff69e5a1a7c 1934->1943 1944 7ff69e5a1ab4-7ff69e5a1ab7 FreeLibrary 1935->1944 1945 7ff69e5a1abd 1935->1945 1938->1939 1946 7ff69e5a1af4-7ff69e5a1aff 1938->1946 1939->1932 1949 7ff69e5a1b30-7ff69e5a1b43 GetLastError 1939->1949 1952 7ff69e5a1bb5 1940->1952 1941->1940 1942->1920 1943->1935 1943->1942 1944->1945 1945->1924 1946->1939 1950 7ff69e5a1b01-7ff69e5a1b08 1946->1950 1954 7ff69e5a1b45-7ff69e5a1b58 1949->1954 1955 7ff69e5a1b5a-7ff69e5a1b81 call 7ff69e5a1868 RaiseException call 7ff69e5a1558 1949->1955 1950->1939 1957 7ff69e5a1b0a-7ff69e5a1b0f 1950->1957 1952->1920 1954->1932 1954->1955 1955->1932 1957->1939 1960 7ff69e5a1b11-7ff69e5a1b19 1957->1960 1960->1932 1960->1939
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
                                                                                                  • String ID: H
                                                                                                  • API String ID: 3432403771-2852464175
                                                                                                  • Opcode ID: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                                                                  • Instruction ID: 15c49c0850a05cb9fafa9fa73de6e9ab80040b74025c839c3a71521119014e44
                                                                                                  • Opcode Fuzzy Hash: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                                                                  • Instruction Fuzzy Hash: B0917C72E05B569AEB60CF65D9942AC33B1FB28BA4F084075EE0D97744EF39E445C360
                                                                                                  Function 00007FF69E59F4E0 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 285COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 1989 7ff69e59f4e0-7ff69e59f523 1990 7ff69e59f894-7ff69e59f8b9 call 7ff69e571fa0 call 7ff69e5a2320 1989->1990 1991 7ff69e59f529-7ff69e59f565 call 7ff69e5a3cf0 1989->1991 1997 7ff69e59f567 1991->1997 1998 7ff69e59f56a-7ff69e59f571 1991->1998 1997->1998 2000 7ff69e59f573-7ff69e59f577 1998->2000 2001 7ff69e59f582-7ff69e59f586 1998->2001 2002 7ff69e59f579 2000->2002 2003 7ff69e59f57c-7ff69e59f580 2000->2003 2004 7ff69e59f588 2001->2004 2005 7ff69e59f58b-7ff69e59f596 2001->2005 2002->2003 2003->2005 2004->2005 2006 7ff69e59f628 2005->2006 2007 7ff69e59f59c 2005->2007 2009 7ff69e59f62c-7ff69e59f62f 2006->2009 2008 7ff69e59f5a2-7ff69e59f5a9 2007->2008 2010 7ff69e59f5ae-7ff69e59f5b3 2008->2010 2011 7ff69e59f5ab 2008->2011 2012 7ff69e59f631-7ff69e59f635 2009->2012 2013 7ff69e59f637-7ff69e59f63a 2009->2013 2014 7ff69e59f5e5-7ff69e59f5f0 2010->2014 2015 7ff69e59f5b5 2010->2015 2011->2010 2012->2013 2016 7ff69e59f660-7ff69e59f673 call 7ff69e5863ac 2012->2016 2013->2016 2017 7ff69e59f63c-7ff69e59f643 2013->2017 2021 7ff69e59f5f2 2014->2021 2022 7ff69e59f5f5-7ff69e59f5fa 2014->2022 2018 7ff69e59f5ca-7ff69e59f5d0 2015->2018 2034 7ff69e59f675-7ff69e59f693 call 7ff69e5913c4 2016->2034 2035 7ff69e59f698-7ff69e59f6ed call 7ff69e5a797c call 7ff69e57129c call 7ff69e5832a8 call 7ff69e571fa0 2016->2035 2017->2016 2019 7ff69e59f645-7ff69e59f65c 2017->2019 2025 7ff69e59f5d2 2018->2025 2026 7ff69e59f5b7-7ff69e59f5be 2018->2026 2019->2016 2021->2022 2023 7ff69e59f600-7ff69e59f607 2022->2023 2024 7ff69e59f8ba-7ff69e59f8c1 2022->2024 2028 7ff69e59f609 2023->2028 2029 7ff69e59f60c-7ff69e59f612 2023->2029 2032 7ff69e59f8c3 2024->2032 2033 7ff69e59f8c6-7ff69e59f8cb 2024->2033 2025->2014 2030 7ff69e59f5c0 2026->2030 2031 7ff69e59f5c3-7ff69e59f5c8 2026->2031 2028->2029 2029->2024 2037 7ff69e59f618-7ff69e59f622 2029->2037 2030->2031 2031->2018 2038 7ff69e59f5d4-7ff69e59f5db 2031->2038 2032->2033 2039 7ff69e59f8de-7ff69e59f8e6 2033->2039 2040 7ff69e59f8cd-7ff69e59f8d4 2033->2040 2034->2035 2056 7ff69e59f6ef-7ff69e59f73d call 7ff69e5a797c call 7ff69e57129c call 7ff69e585b60 call 7ff69e571fa0 2035->2056 2057 7ff69e59f742-7ff69e59f74f ShellExecuteExW 2035->2057 2037->2006 2037->2008 2043 7ff69e59f5e0 2038->2043 2044 7ff69e59f5dd 2038->2044 2047 7ff69e59f8e8 2039->2047 2048 7ff69e59f8eb-7ff69e59f8f6 2039->2048 2045 7ff69e59f8d6 2040->2045 2046 7ff69e59f8d9 2040->2046 2043->2014 2044->2043 2045->2046 2046->2039 2047->2048 2048->2009 2056->2057 2058 7ff69e59f755-7ff69e59f75f 2057->2058 2059 7ff69e59f846-7ff69e59f84e 2057->2059 2061 7ff69e59f76f-7ff69e59f772 2058->2061 2062 7ff69e59f761-7ff69e59f764 2058->2062 2064 7ff69e59f850-7ff69e59f866 2059->2064 2065 7ff69e59f882-7ff69e59f88f 2059->2065 2067 7ff69e59f78e-7ff69e59f7ad call 7ff69e5de1b8 call 7ff69e59fe24 2061->2067 2068 7ff69e59f774-7ff69e59f77f call 7ff69e5de188 2061->2068 2062->2061 2066 7ff69e59f766-7ff69e59f76d 2062->2066 2070 7ff69e59f868-7ff69e59f87b 2064->2070 2071 7ff69e59f87d call 7ff69e5a220c 2064->2071 2065->1990 2066->2061 2074 7ff69e59f7e3-7ff69e59f7f0 CloseHandle 2066->2074 2067->2074 2096 7ff69e59f7af-7ff69e59f7b2 2067->2096 2068->2067 2088 7ff69e59f781-7ff69e59f78c ShowWindow 2068->2088 2070->2071 2072 7ff69e59f8fb-7ff69e59f903 call 7ff69e5a7904 2070->2072 2071->2065 2079 7ff69e59f7f2-7ff69e59f803 call 7ff69e5913c4 2074->2079 2080 7ff69e59f805-7ff69e59f80c 2074->2080 2079->2080 2086 7ff69e59f82e-7ff69e59f830 2079->2086 2080->2086 2087 7ff69e59f80e-7ff69e59f811 2080->2087 2086->2059 2094 7ff69e59f832-7ff69e59f835 2086->2094 2087->2086 2093 7ff69e59f813-7ff69e59f828 2087->2093 2088->2067 2093->2086 2094->2059 2098 7ff69e59f837-7ff69e59f845 ShowWindow 2094->2098 2096->2074 2099 7ff69e59f7b4-7ff69e59f7c5 GetExitCodeProcess 2096->2099 2098->2059 2099->2074 2100 7ff69e59f7c7-7ff69e59f7dc 2099->2100 2100->2074
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: .exe$.inf$Install$p
                                                                                                  • API String ID: 1054546013-3607691742
                                                                                                  • Opcode ID: db8ecbd514ff322f29a974296a08b1056670a56b0f2c036ad5285174391dee78
                                                                                                  • Instruction ID: 1769c9d775b1e99988f9b0b244cd494e6dd2f19ae1e1e67a0f6572b6cf8f73fc
                                                                                                  • Opcode Fuzzy Hash: db8ecbd514ff322f29a974296a08b1056670a56b0f2c036ad5285174391dee78
                                                                                                  • Instruction Fuzzy Hash: 4BC172A2F18A0295FB60DB65D9E02B92371FFA5784F4440B1EA4DC76A5DF3EE4918330
                                                                                                  Function 00007FF69E59F0A4 Relevance: 16.6, APIs: 11, Instructions: 102windowCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 3569833718-0
                                                                                                  • Opcode ID: 6d17268858d6b6aed380ad60cc2cf8b16547cb3a0c40a3112c59011326a33119
                                                                                                  • Instruction ID: a458dbd9bc4969b115c70a7ec5b1803f44196548afa6588c86cbb4cf1c10fa14
                                                                                                  • Opcode Fuzzy Hash: 6d17268858d6b6aed380ad60cc2cf8b16547cb3a0c40a3112c59011326a33119
                                                                                                  • Instruction Fuzzy Hash: C5410435F14A0286F720CF61EC60BB92360FB55B88F445076ED0A47B94CE3EE4858760
                                                                                                  Function 00007FF69E57EF10 Relevance: 11.0, APIs: 7, Instructions: 453COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: f0ceac670109cddac8d87af407790801409e6a3541c24d556b6e5f57a5733dbb
                                                                                                  • Instruction ID: 0b8038592940133439dd5cbebaae84a4c0ac1207c0937335c1cbfbaf13f08ae6
                                                                                                  • Opcode Fuzzy Hash: f0ceac670109cddac8d87af407790801409e6a3541c24d556b6e5f57a5733dbb
                                                                                                  • Instruction Fuzzy Hash: FD12F462F1874185EB30CB64D4A42AC2372FB657A8F408276EE5C97AE5DF3ED495C320
                                                                                                  Function 00007FF69E5824C0 Relevance: 9.2, APIs: 6, Instructions: 164filetimeCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 3819 7ff69e5824c0-7ff69e5824fb 3820 7ff69e5824fd-7ff69e582504 3819->3820 3821 7ff69e582506 3819->3821 3820->3821 3822 7ff69e582509-7ff69e582578 3820->3822 3821->3822 3823 7ff69e58257d-7ff69e5825a8 CreateFileW 3822->3823 3824 7ff69e58257a 3822->3824 3825 7ff69e582688-7ff69e58268d 3823->3825 3826 7ff69e5825ae-7ff69e5825de GetLastError call 7ff69e586a0c 3823->3826 3824->3823 3827 7ff69e582693-7ff69e582697 3825->3827 3835 7ff69e58262c 3826->3835 3836 7ff69e5825e0-7ff69e58262a CreateFileW GetLastError 3826->3836 3829 7ff69e582699-7ff69e58269c 3827->3829 3830 7ff69e5826a5-7ff69e5826a9 3827->3830 3829->3830 3832 7ff69e58269e 3829->3832 3833 7ff69e5826ab-7ff69e5826af 3830->3833 3834 7ff69e5826cf-7ff69e5826e3 3830->3834 3832->3830 3833->3834 3837 7ff69e5826b1-7ff69e5826c9 SetFileTime 3833->3837 3838 7ff69e58270c-7ff69e582735 call 7ff69e5a2320 3834->3838 3839 7ff69e5826e5-7ff69e5826f0 3834->3839 3840 7ff69e582632-7ff69e58263a 3835->3840 3836->3840 3837->3834 3842 7ff69e582708 3839->3842 3843 7ff69e5826f2-7ff69e5826fa 3839->3843 3844 7ff69e58263c-7ff69e582653 3840->3844 3845 7ff69e582673-7ff69e582686 3840->3845 3842->3838 3849 7ff69e5826fc 3843->3849 3850 7ff69e5826ff-7ff69e582703 call 7ff69e5720b0 3843->3850 3846 7ff69e582655-7ff69e582668 3844->3846 3847 7ff69e58266e call 7ff69e5a220c 3844->3847 3845->3827 3846->3847 3852 7ff69e582736-7ff69e58273b call 7ff69e5a7904 3846->3852 3847->3845 3849->3850 3850->3842
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3536497005-0
                                                                                                  • Opcode ID: 457c136b954a564df8b26438416fd4b17eefbc135de7b21dacf5200ecc0fc64e
                                                                                                  • Instruction ID: e3083c8a0ccff43e6bc64977a11bbccfc7eccd2386aae5f21e14f4b4546593f9
                                                                                                  • Opcode Fuzzy Hash: 457c136b954a564df8b26438416fd4b17eefbc135de7b21dacf5200ecc0fc64e
                                                                                                  • Instruction Fuzzy Hash: E161E566E1864186E7308B29E59036E6BB1FB987A8F101334EFAD43AD4DF3ED054C710
                                                                                                  Function 00007FF69E59FD0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 76COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 3856 7ff69e59fd0c-7ff69e59fd37 3857 7ff69e59fd39 3856->3857 3858 7ff69e59fd3c-7ff69e59fd76 SetEnvironmentVariableW call 7ff69e58d0a0 3856->3858 3857->3858 3861 7ff69e59fdc3-7ff69e59fdcb 3858->3861 3862 7ff69e59fd78 3858->3862 3864 7ff69e59fdff-7ff69e59fe1a call 7ff69e5a2320 3861->3864 3865 7ff69e59fdcd-7ff69e59fde3 3861->3865 3863 7ff69e59fd7c-7ff69e59fd84 3862->3863 3867 7ff69e59fd86 3863->3867 3868 7ff69e59fd89-7ff69e59fd94 call 7ff69e58d4c0 3863->3868 3869 7ff69e59fde5-7ff69e59fdf8 3865->3869 3870 7ff69e59fdfa call 7ff69e5a220c 3865->3870 3867->3868 3878 7ff69e59fda3-7ff69e59fda8 3868->3878 3879 7ff69e59fd96-7ff69e59fda1 3868->3879 3869->3870 3873 7ff69e59fe1b-7ff69e59fe23 call 7ff69e5a7904 3869->3873 3870->3864 3880 7ff69e59fdaa 3878->3880 3881 7ff69e59fdad-7ff69e59fdc2 SetEnvironmentVariableW 3878->3881 3879->3863 3880->3881 3881->3861
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: sfxcmd$sfxpar
                                                                                                  • API String ID: 3540648995-3493335439
                                                                                                  • Opcode ID: 48e58e823320ee2e30a8ba7f247afa82eb81b269a21fe23b9d6641b37ea74fe4
                                                                                                  • Instruction ID: 3f38dafc35ddc71d57b4e6350752abcf9910aff0b9b82344da76830676531876
                                                                                                  • Opcode Fuzzy Hash: 48e58e823320ee2e30a8ba7f247afa82eb81b269a21fe23b9d6641b37ea74fe4
                                                                                                  • Instruction Fuzzy Hash: 8D319C72E14B0684EB208B65E8E41BC2371FB68B98F541171EA1D977A9DE39D041C364
                                                                                                  Function 00007FF69E59B014 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54windowCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Global$Resource$Object$AllocBitmapCreateDeleteGdipLoadLock$FindFreeFromSizeofStreamUnlock
                                                                                                  • String ID: ]
                                                                                                  • API String ID: 3561356813-3352871620
                                                                                                  • Opcode ID: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
                                                                                                  • Instruction ID: 84578f9fb8f8475c6a9d0a7baafa044f4ced3d6bde200599cb7818132703e06c
                                                                                                  • Opcode Fuzzy Hash: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
                                                                                                  • Instruction Fuzzy Hash: FA11B965F0934241FA749B11A6E43B95391EFA8BC4F4840B4F91D87B99DF2EE8448710
                                                                                                  Function 00007FF69E59AE1C Relevance: 7.5, APIs: 5, Instructions: 27windowCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Message$DialogDispatchPeekTranslate
                                                                                                  • String ID:
                                                                                                  • API String ID: 1266772231-0
                                                                                                  • Opcode ID: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                                                                  • Instruction ID: 9d2ac0c50b7a8db4d280ca2915d54c480fa5ff21d99cbba637d4f51256f54a9a
                                                                                                  • Opcode Fuzzy Hash: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                                                                  • Instruction Fuzzy Hash: CEF03C29F3894282FB609B64E8E5A762361FFE0B05FC09072F54EC1854DF2ED548CB20
                                                                                                  Function 00007FF69E5991E8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                  • String ID: EDIT
                                                                                                  • API String ID: 4243998846-3080729518
                                                                                                  • Opcode ID: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                                                                  • Instruction ID: a9206f38b64a9859d62cf9cde4577e244f0f00378245ccc23b7ec4faa53348f9
                                                                                                  • Opcode Fuzzy Hash: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                                                                  • Instruction Fuzzy Hash: AB016261F18A4781FE309B21A8B03F563A0EFB8740F885071E94D86755DE2ED1498760
                                                                                                  Function 00007FF69E582CE0 Relevance: 6.1, APIs: 4, Instructions: 136fileCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 4211 7ff69e582ce0-7ff69e582d0a 4212 7ff69e582d0c-7ff69e582d0e 4211->4212 4213 7ff69e582d13-7ff69e582d1b 4211->4213 4214 7ff69e582ea9-7ff69e582ec4 call 7ff69e5a2320 4212->4214 4215 7ff69e582d1d-7ff69e582d28 GetStdHandle 4213->4215 4216 7ff69e582d2b 4213->4216 4215->4216 4218 7ff69e582d31-7ff69e582d3d 4216->4218 4220 7ff69e582d86-7ff69e582da2 WriteFile 4218->4220 4221 7ff69e582d3f-7ff69e582d44 4218->4221 4224 7ff69e582da6-7ff69e582da9 4220->4224 4222 7ff69e582d46-7ff69e582d7a WriteFile 4221->4222 4223 7ff69e582daf-7ff69e582db3 4221->4223 4222->4224 4225 7ff69e582d7c-7ff69e582d82 4222->4225 4226 7ff69e582ea2-7ff69e582ea6 4223->4226 4227 7ff69e582db9-7ff69e582dbd 4223->4227 4224->4223 4224->4226 4225->4222 4228 7ff69e582d84 4225->4228 4226->4214 4227->4226 4229 7ff69e582dc3-7ff69e582dd8 call 7ff69e57b4f8 4227->4229 4228->4224 4232 7ff69e582dda-7ff69e582de1 4229->4232 4233 7ff69e582e1e-7ff69e582e6d call 7ff69e5a797c call 7ff69e57129c call 7ff69e57bca8 4229->4233 4232->4218 4234 7ff69e582de7-7ff69e582de9 4232->4234 4233->4226 4244 7ff69e582e6f-7ff69e582e86 4233->4244 4234->4218 4236 7ff69e582def-7ff69e582e19 4234->4236 4236->4218 4245 7ff69e582e9d call 7ff69e5a220c 4244->4245 4246 7ff69e582e88-7ff69e582e9b 4244->4246 4245->4226 4246->4245 4247 7ff69e582ec5-7ff69e582ecb call 7ff69e5a7904 4246->4247
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileWrite$Handle
                                                                                                  • String ID:
                                                                                                  • API String ID: 4209713984-0
                                                                                                  • Opcode ID: c0878563cb540de980db5307815f43949119fc8f7ca07e724854b0feeef95fd0
                                                                                                  • Instruction ID: 896160aeb64b17fef405903d1b6658c47039b89ed97f00080a0ed9e27fbb6947
                                                                                                  • Opcode Fuzzy Hash: c0878563cb540de980db5307815f43949119fc8f7ca07e724854b0feeef95fd0
                                                                                                  • Instruction Fuzzy Hash: D8511826B2964292FA70CB25D4A477A2750FF68B90F445172FA0E87AD0DF3EE485C320
                                                                                                  Function 00007FF69E5A03E0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$TextWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 2912839123-0
                                                                                                  • Opcode ID: 5bbef335480f89d9103c2d41cda01abea0e825fa5e52d7f7b27aac393a9d4e81
                                                                                                  • Instruction ID: a824ac0a447c927d195a22810cc752d782df8ff681014da2445a6a5f39f4a92d
                                                                                                  • Opcode Fuzzy Hash: 5bbef335480f89d9103c2d41cda01abea0e825fa5e52d7f7b27aac393a9d4e81
                                                                                                  • Instruction Fuzzy Hash: 7851B462F6465185FF209B64D8A53AD2322FF69BA4F400276FA1C96BD6DF6ED440C330
                                                                                                  Function 00007FF69E5A2D6C Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                  • String ID:
                                                                                                  • API String ID: 1452418845-0
                                                                                                  • Opcode ID: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
                                                                                                  • Instruction ID: 1d86b2f40966d7cac1ce14fecbeed5ad6845487cae1cc13b52f4409006eec011
                                                                                                  • Opcode Fuzzy Hash: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
                                                                                                  • Instruction Fuzzy Hash: 8D314C24E8C24352FA34AB64D5F23BA1391EF68764F4454B4F90ECB6D3DE2EA445C270
                                                                                                  Function 00007FF69E583684 Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 2359106489-0
                                                                                                  • Opcode ID: a981d72998619812671fb74e2af9e44be046492d5270f9ab3d6661079687cefa
                                                                                                  • Instruction ID: b0df261f1fb6c050bf80b28da1d6766ee770b9f71f5694b7d188e824d67b78c9
                                                                                                  • Opcode Fuzzy Hash: a981d72998619812671fb74e2af9e44be046492d5270f9ab3d6661079687cefa
                                                                                                  • Instruction Fuzzy Hash: 3331D322E2C68281EA309B25A4E42796351FFA87A0F540271FECDC26D6DF3ED5458620
                                                                                                  Function 00007FF69E582320 Relevance: 6.1, APIs: 4, Instructions: 58fileCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$FileHandleRead
                                                                                                  • String ID:
                                                                                                  • API String ID: 2244327787-0
                                                                                                  • Opcode ID: 5dece825d5be91adec6864fa12bb564f4e3b5809c08bfde6ef0babe01e3581d0
                                                                                                  • Instruction ID: b0a98d42f5d2fdf279d8e151df67f18d4cd0b93ec200cded75e562d3e7663444
                                                                                                  • Opcode Fuzzy Hash: 5dece825d5be91adec6864fa12bb564f4e3b5809c08bfde6ef0babe01e3581d0
                                                                                                  • Instruction Fuzzy Hash: 0621D426E2CA0282EA305F11A4B023D6BA0FB79B94F244570FA5DC6684CF3ED885C730
                                                                                                  Function 00007FF69E58E948 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF69E58ECD8: ResetEvent.KERNEL32 ref: 00007FF69E58ECF1
                                                                                                    • Part of subcall function 00007FF69E58ECD8: ReleaseSemaphore.KERNEL32 ref: 00007FF69E58ED07
                                                                                                  • ReleaseSemaphore.KERNEL32 ref: 00007FF69E58E974
                                                                                                  • CloseHandle.KERNELBASE ref: 00007FF69E58E993
                                                                                                  • DeleteCriticalSection.KERNEL32 ref: 00007FF69E58E9AA
                                                                                                  • CloseHandle.KERNEL32 ref: 00007FF69E58E9B7
                                                                                                    • Part of subcall function 00007FF69E58EA5C: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF69E58E95F,?,?,?,00007FF69E58463A,?,?,?), ref: 00007FF69E58EA63
                                                                                                    • Part of subcall function 00007FF69E58EA5C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF69E58E95F,?,?,?,00007FF69E58463A,?,?,?), ref: 00007FF69E58EA6E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseHandleReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                  • String ID:
                                                                                                  • API String ID: 502429940-0
                                                                                                  • Opcode ID: 7c4c69b688bb09167c3d8ec6f4195a818a409db0987586a56ae23aa503e7e0cd
                                                                                                  • Instruction ID: c6743cdda1babc80385f718d25fc8f30868f76cd2a52609f95491343b81e00e6
                                                                                                  • Opcode Fuzzy Hash: 7c4c69b688bb09167c3d8ec6f4195a818a409db0987586a56ae23aa503e7e0cd
                                                                                                  • Instruction Fuzzy Hash: 71014433E19A91A2E654DB21D99426D7330FB98BC0F045071EB5D43615CF3AE4B5C750
                                                                                                  Function 00007FF69E58EAA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42threadCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Thread$CreatePriority
                                                                                                  • String ID: CreateThread failed
                                                                                                  • API String ID: 2610526550-3849766595
                                                                                                  • Opcode ID: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
                                                                                                  • Instruction ID: bbc5109038a786aa21aefee440e67edd6ac074561cf0d29ad609524252ee2a4a
                                                                                                  • Opcode Fuzzy Hash: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
                                                                                                  • Instruction Fuzzy Hash: F3118231A19A4292E720DB10E8E11797371FBA4788F5881B2F64D83668DF3EE591C720
                                                                                                  Function 00007FF69E59946C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26comCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DirectoryInitializeMallocSystem
                                                                                                  • String ID: riched20.dll
                                                                                                  • API String ID: 174490985-3360196438
                                                                                                  • Opcode ID: b1936b3f38021c99ecd6522b050f6163774a90ef7a51b133bb98bdb322c125e4
                                                                                                  • Instruction ID: d9d8f9e8bb1f9785d2f2e4a8ddb25b5dfd917c56d88a1d43e04cf339458e140a
                                                                                                  • Opcode Fuzzy Hash: b1936b3f38021c99ecd6522b050f6163774a90ef7a51b133bb98bdb322c125e4
                                                                                                  • Instruction Fuzzy Hash: 4AF06875A18A4182E7209F60F4A516E73A0FF58754F444176F58D82754DF7DD18DCB10
                                                                                                  Function 00007FF69E59095C Relevance: 4.7, APIs: 3, Instructions: 152windowCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF69E59853C: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF69E59856C
                                                                                                    • Part of subcall function 00007FF69E58AAE0: LoadStringW.USER32 ref: 00007FF69E58AB67
                                                                                                    • Part of subcall function 00007FF69E58AAE0: LoadStringW.USER32 ref: 00007FF69E58AB80
                                                                                                    • Part of subcall function 00007FF69E571FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF69E571FFB
                                                                                                    • Part of subcall function 00007FF69E57129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF69E571396
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF69E5A01BB
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF69E5A01C1
                                                                                                  • SendDlgItemMessageW.USER32 ref: 00007FF69E5A01F2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$LoadString$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
                                                                                                  • String ID:
                                                                                                  • API String ID: 3106221260-0
                                                                                                  • Opcode ID: 45fd903f6b2aec8c71a10246635352740a8ca63c8d8b2cd055e955d931041677
                                                                                                  • Instruction ID: 4d518fd202fc6e8f4076f11642b1bd72188c01f17c103fb96490aac17d21c4d3
                                                                                                  • Opcode Fuzzy Hash: 45fd903f6b2aec8c71a10246635352740a8ca63c8d8b2cd055e955d931041677
                                                                                                  • Instruction Fuzzy Hash: 0651F462F5464296FB20ABB1D4A12FD2322EBA9BD4F404176FE0D977D6DE2ED500C360
                                                                                                  Function 00007FF69E582134 Relevance: 4.6, APIs: 3, Instructions: 114fileCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 2272807158-0
                                                                                                  • Opcode ID: 3b1c5875d2376cde5b1bec2bbb6cafe0f549f25560c923a31bace2492b4c6367
                                                                                                  • Instruction ID: eaf11c3f14a21ddbc24725d799474bb80cb0df6cc99a116a971a7c23c8a65db2
                                                                                                  • Opcode Fuzzy Hash: 3b1c5875d2376cde5b1bec2bbb6cafe0f549f25560c923a31bace2492b4c6367
                                                                                                  • Instruction Fuzzy Hash: 2C410677A1878582EB348B15E4A426967A0FB987B4F105370EFAD43AD5CF3EE490C710
                                                                                                  Function 00007FF69E5723F8 Relevance: 4.6, APIs: 3, Instructions: 73COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 2176759853-0
                                                                                                  • Opcode ID: 107cbe78643896cd277503af9d79c84134f19e12336bfdef765791961383781f
                                                                                                  • Instruction ID: f4417487b5e8e7834df9146e23df1c6ad63c259aaa115bdad167c761e0ff6aea
                                                                                                  • Opcode Fuzzy Hash: 107cbe78643896cd277503af9d79c84134f19e12336bfdef765791961383781f
                                                                                                  • Instruction Fuzzy Hash: 6821C272A28B8181EA208B25A49017AB361FB9DBE0F144232FF9D43BA5DF3DD090C740
                                                                                                  Function 00007FF69E591F94 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: std::bad_alloc::bad_alloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 1875163511-0
                                                                                                  • Opcode ID: 7fdfb8b08260a68de66ecd622df27e98485fdb680c183650925e5cdb3d7d3185
                                                                                                  • Instruction ID: 6fb0bce015422b6cb8be033a048628f157e2d59c4245ec0afb605eae3b830c4c
                                                                                                  • Opcode Fuzzy Hash: 7fdfb8b08260a68de66ecd622df27e98485fdb680c183650925e5cdb3d7d3185
                                                                                                  • Instruction Fuzzy Hash: AA310752A0C69651FB349710F4E83F963A0FB64784F844071F28C86AA9DF7EE986C321
                                                                                                  Function 00007FF69E583D34 Relevance: 4.6, APIs: 3, Instructions: 62COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 1203560049-0
                                                                                                  • Opcode ID: 9ad1da1d281fb88a90e37ecd930f681ad4649b1953909ec7c8adb17a28908e15
                                                                                                  • Instruction ID: bc19c7fb596fd18a6d9e6f74a91b146184e05246fa072e7bd1872c303556ea49
                                                                                                  • Opcode Fuzzy Hash: 9ad1da1d281fb88a90e37ecd930f681ad4649b1953909ec7c8adb17a28908e15
                                                                                                  • Instruction Fuzzy Hash: 1221F822B1868181EE308B25E8E526D6361FF98BD4F005270FA9E83695DF3DD541CA10
                                                                                                  Function 00007FF69E5831BC Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3118131910-0
                                                                                                  • Opcode ID: 72c673f2880adfe6ea93f0d9f4cbebf29628e435fcdd813aa7a5852a82454db7
                                                                                                  • Instruction ID: b269f18c6eaa5237ba291ba085561533bab0f20ad5ef00a16ca29e503051cb17
                                                                                                  • Opcode Fuzzy Hash: 72c673f2880adfe6ea93f0d9f4cbebf29628e435fcdd813aa7a5852a82454db7
                                                                                                  • Instruction Fuzzy Hash: E621C822E2878181EE30CB25F4A526E6360FFA8BD4F501271FADE82A95DF3DD540C720
                                                                                                  Function 00007FF69E5832BC Relevance: 4.6, APIs: 3, Instructions: 57COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 1203560049-0
                                                                                                  • Opcode ID: 40ad9405655d088623e5613f9ff1dd24c057f9c22428089c7716efbf5db7ae43
                                                                                                  • Instruction ID: 7fd029d46bcd7d86ee31f35c5d9ec7405f14f6d936c0546ecdbad1934fa208ff
                                                                                                  • Opcode Fuzzy Hash: 40ad9405655d088623e5613f9ff1dd24c057f9c22428089c7716efbf5db7ae43
                                                                                                  • Instruction Fuzzy Hash: A221C832A2878182EA308B28F49512D6361FBE9BA4F101371FA9D83BE5DF3DD440CB10
                                                                                                  Function 00007FF69E5ABF64 Relevance: 4.5, APIs: 3, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                  • String ID:
                                                                                                  • API String ID: 1703294689-0
                                                                                                  • Opcode ID: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
                                                                                                  • Instruction ID: 5836dc5535dbe12938c542be9e058a2433c10192559bdfca6f45873ee7211844
                                                                                                  • Opcode Fuzzy Hash: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
                                                                                                  • Instruction Fuzzy Hash: 5DE01A28E4430546EAB46B2198E53792352EFA8B51F1854B8E80A82396CE3EA4098671
                                                                                                  Function 00007FF69E57F578 Relevance: 3.2, APIs: 2, Instructions: 193COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF69E57F895
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF69E57F89B
                                                                                                    • Part of subcall function 00007FF69E583EC8: FindClose.KERNELBASE(?,?,00000000,00007FF69E590811), ref: 00007FF69E583EFD
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                                                                  • String ID:
                                                                                                  • API String ID: 3587649625-0
                                                                                                  • Opcode ID: 44abb0682f967f460a7072b25e4fa972253f86b985b214d6bbaaf9474643afb7
                                                                                                  • Instruction ID: 26fb96561f92f8a1f1b1402f02f872603f93b358a1f05c8265100934825c8aec
                                                                                                  • Opcode Fuzzy Hash: 44abb0682f967f460a7072b25e4fa972253f86b985b214d6bbaaf9474643afb7
                                                                                                  • Instruction Fuzzy Hash: 5D91E273A18B8190EB20DF24D4D42AD6361FBA4798F908176FA4C87AE9DF7ED551C320
                                                                                                  Function 00007FF69E573904 Relevance: 3.1, APIs: 2, Instructions: 124COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: 201b90534166b8da7461634ac6a816a56932a3fdfe7bfd1a1f820e126a9c965b
                                                                                                  • Instruction ID: 464184a73c5733d039c1592fc0afae7b90f2c15f664f5f75a1a002e2f6e0354e
                                                                                                  • Opcode Fuzzy Hash: 201b90534166b8da7461634ac6a816a56932a3fdfe7bfd1a1f820e126a9c965b
                                                                                                  • Instruction Fuzzy Hash: 61410562F1465184FB20DB71D4A12EC2320EF64BE8F148175FE5DA7ADACE3AD552C320
                                                                                                  Function 00007FF69E582778 Relevance: 3.1, APIs: 2, Instructions: 100COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF69E58274D), ref: 00007FF69E5828A9
                                                                                                  • GetLastError.KERNEL32(?,00007FF69E58274D), ref: 00007FF69E5828B8
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                  • String ID:
                                                                                                  • API String ID: 2976181284-0
                                                                                                  • Opcode ID: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                                                                                  • Instruction ID: 872a097660f616a5f27e044851d471c4ed38b3ed612893e2ddad963cc1804b72
                                                                                                  • Opcode Fuzzy Hash: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                                                                                  • Instruction Fuzzy Hash: 5F31F826F2974286EE704B6AD5D06B52750EF28BD4F141171FE1D87790DE3EE441CB60
                                                                                                  Function 00007FF69E571474 Relevance: 3.1, APIs: 2, Instructions: 90COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 73155330-0
                                                                                                  • Opcode ID: 8daf687ad688f16a09269b498f1d42b7f5edb35663fb3cc122c6a0ab6a165668
                                                                                                  • Instruction ID: c69b929a83b75af505d9250a0fbaed238e778429e0fd5bb71c692025dc863080
                                                                                                  • Opcode Fuzzy Hash: 8daf687ad688f16a09269b498f1d42b7f5edb35663fb3cc122c6a0ab6a165668
                                                                                                  • Instruction Fuzzy Hash: 93315661B1464685EE289B5296901786391EB14FF0F588671FB3E87BD5EE3FE0A1C320
                                                                                                  Function 00007FF69E5722BC Relevance: 3.1, APIs: 2, Instructions: 83COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Item_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 1746051919-0
                                                                                                  • Opcode ID: 5a2890223aea6d88e53338121990f25a14a9249d0429ebf34ef8f54134bab86e
                                                                                                  • Instruction ID: 2aef6c7d7b9ab17dd75cb292de0ea697a8fa93fe2b166666ac95deeed9051682
                                                                                                  • Opcode Fuzzy Hash: 5a2890223aea6d88e53338121990f25a14a9249d0429ebf34ef8f54134bab86e
                                                                                                  • Instruction Fuzzy Hash: 0D31F262A1974182EA308B15F4A537EB360EBA8790F448231FB9C47BE5DF3EE090C710
                                                                                                  Function 00007FF69E582AD0 Relevance: 3.1, APIs: 2, Instructions: 76timeCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$BuffersFlushTime
                                                                                                  • String ID:
                                                                                                  • API String ID: 1392018926-0
                                                                                                  • Opcode ID: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                                                                                  • Instruction ID: 9badeae0a5437e1fdd75e2842900b24314e90731003726454094652c95da867c
                                                                                                  • Opcode Fuzzy Hash: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                                                                                  • Instruction Fuzzy Hash: AB21F426F2EB4651EA728E11D4A43BA6B94EF29795F1440B1EE4C43291EE3ED886C310
                                                                                                  Function 00007FF69E58AAE0 Relevance: 3.1, APIs: 2, Instructions: 52COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: LoadString
                                                                                                  • String ID:
                                                                                                  • API String ID: 2948472770-0
                                                                                                  • Opcode ID: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                                                                                  • Instruction ID: aa7e9474f17a4af7a910fe0b93a0d69b8ad9debf8ab968d7841cdbb79e242580
                                                                                                  • Opcode Fuzzy Hash: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                                                                                  • Instruction Fuzzy Hash: 9911DD78B0961186EB609F06A8A006877A2FBA8FC0F948476EE0DD3721DF3DE5808354
                                                                                                  Function 00007FF69E582BB0 Relevance: 3.0, APIs: 2, Instructions: 47COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                  • String ID:
                                                                                                  • API String ID: 2976181284-0
                                                                                                  • Opcode ID: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
                                                                                                  • Instruction ID: 17667bbe590d66accc3660ec53cd20ad536af5516a7858582d7a7a98bcbc01d1
                                                                                                  • Opcode Fuzzy Hash: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
                                                                                                  • Instruction Fuzzy Hash: B311A235A1864191EB708B25E8D42796660FB68BB4F544371FB7D822D4CF3ED992C310
                                                                                                  Function 00007FF69E57255C Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ItemRectTextWindow$Clientswprintf
                                                                                                  • String ID:
                                                                                                  • API String ID: 3322643685-0
                                                                                                  • Opcode ID: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                                                                  • Instruction ID: c5db17222ad79d74488c51474c12df5d9b737bf5d7bac3a2d9ccb269712d64b7
                                                                                                  • Opcode Fuzzy Hash: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                                                                  • Instruction Fuzzy Hash: 9901B554E1E25A41FF755752A0F42791351DF69740F0880B1F80D8A2DEEE2FE4D4C320
                                                                                                  Function 00007FF69E58EB58 Relevance: 3.0, APIs: 2, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF69E58EBAD,?,?,?,?,00007FF69E585752,?,?,?,00007FF69E5856DE), ref: 00007FF69E58EB5C
                                                                                                  • GetProcessAffinityMask.KERNEL32 ref: 00007FF69E58EB6F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Process$AffinityCurrentMask
                                                                                                  • String ID:
                                                                                                  • API String ID: 1231390398-0
                                                                                                  • Opcode ID: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                                                                  • Instruction ID: a1afacad1c872610ce40cf854280cca6b805808295fbd2ac63795a19491320bc
                                                                                                  • Opcode Fuzzy Hash: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                                                                  • Instruction Fuzzy Hash: 2BE02B61F2458642DF288F55C8A14E973A2FFD8B40B849036F60BC3614EE2DE1458B00
                                                                                                  Function 00007FF69E5A21D0 Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 1173176844-0
                                                                                                  • Opcode ID: 14867973fed18b2c44dc58e1bcd5f94848bfca26dcf41195b9c376eff134a452
                                                                                                  • Instruction ID: 112654e1b54343f63ac9d09c2abca45c5fac7a63aea9f4c44353ad72663944a0
                                                                                                  • Opcode Fuzzy Hash: 14867973fed18b2c44dc58e1bcd5f94848bfca26dcf41195b9c376eff134a452
                                                                                                  • Instruction Fuzzy Hash: 17E0EC44E8D10B41FA7822611AF71B40040CF7D370E1857B0FA3EC42C2AE1EA4A1C170
                                                                                                  Function 00007FF69E5AD90C Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                  • String ID:
                                                                                                  • API String ID: 485612231-0
                                                                                                  • Opcode ID: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
                                                                                                  • Instruction ID: 6bc52b07fdddc1a1aa0a07c0005373eedc9be47644aabf6ff6b8965210e4b75e
                                                                                                  • Opcode Fuzzy Hash: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
                                                                                                  • Instruction Fuzzy Hash: 61E0E651E4950746FF347BB258E52B81291DFB4769B0850B4E90DC7252EE3ED4C58730
                                                                                                  Function 00007FF69E5733E4 Relevance: 1.8, APIs: 1, Instructions: 328COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: 8973f6dd9431ba46d3bf1a88a46cf03a2367f8849ffb2f85ec4e02e103e92b3e
                                                                                                  • Instruction ID: 3e7662507b5ad0106358482737c8b775207fca74ddf40418e9297bd9604fbfab
                                                                                                  • Opcode Fuzzy Hash: 8973f6dd9431ba46d3bf1a88a46cf03a2367f8849ffb2f85ec4e02e103e92b3e
                                                                                                  • Instruction Fuzzy Hash: A9D1DD72B0968155EB388B2595E02BD67A1FB25B94F0480B5EB5D877A2CF3FF5708320
                                                                                                  Function 00007FF69E585294 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CompareString_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 1017591355-0
                                                                                                  • Opcode ID: a143f18b4ccf410723d5b55495dd87be6177e3dd9b35435d6782b563dee17ef9
                                                                                                  • Instruction ID: ca6be02bfa91d45d56fa3ba617a55b0d3993990ec0ed697cacb7aa643d8bc2da
                                                                                                  • Opcode Fuzzy Hash: a143f18b4ccf410723d5b55495dd87be6177e3dd9b35435d6782b563dee17ef9
                                                                                                  • Instruction Fuzzy Hash: 35614491E2C24781FA709E2684B527E62B1EF71BD0F1450B1FE4DC6AE5EE6FE4418230
                                                                                                  Function 00007FF69E591870 Relevance: 1.7, APIs: 1, Instructions: 172COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF69E58E948: ReleaseSemaphore.KERNEL32 ref: 00007FF69E58E974
                                                                                                    • Part of subcall function 00007FF69E58E948: CloseHandle.KERNELBASE ref: 00007FF69E58E993
                                                                                                    • Part of subcall function 00007FF69E58E948: DeleteCriticalSection.KERNEL32 ref: 00007FF69E58E9AA
                                                                                                    • Part of subcall function 00007FF69E58E948: CloseHandle.KERNEL32 ref: 00007FF69E58E9B7
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF69E591ACB
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseHandle$CriticalDeleteReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 904680172-0
                                                                                                  • Opcode ID: 83a8608da7dc23804aca21668a1faaf692e5e9dd69844c9f3465cc8d5fef8d50
                                                                                                  • Instruction ID: af3dfeb8ad9e037763ee2212c3917ac76da80338b70a38cd95dbb6eef0278fc9
                                                                                                  • Opcode Fuzzy Hash: 83a8608da7dc23804aca21668a1faaf692e5e9dd69844c9f3465cc8d5fef8d50
                                                                                                  • Instruction Fuzzy Hash: E261B2A2B1569591EE28DB65D6A40FC7365FF50B90F944172F72D8BAC1CF2AE870C310
                                                                                                  Function 00007FF69E57EC9C Relevance: 1.6, APIs: 1, Instructions: 145COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: d3e9fa35f1103ad580ad4f8a12127b3ececafcbd4c14c285a9c87c65cd680fd4
                                                                                                  • Instruction ID: fa1aec544758833a10e0d7783a9769e58660f4b60d7ecc743fec6b81efd2a9f9
                                                                                                  • Opcode Fuzzy Hash: d3e9fa35f1103ad580ad4f8a12127b3ececafcbd4c14c285a9c87c65cd680fd4
                                                                                                  • Instruction Fuzzy Hash: 8651D162A0878280FE249B25D4E53AD2751FBA5BD4F44817AFE4D87392CE3FE495C320
                                                                                                  Function 00007FF69E57E7A8 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF69E583EC8: FindClose.KERNELBASE(?,?,00000000,00007FF69E590811), ref: 00007FF69E583EFD
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF69E57E993
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 1011579015-0
                                                                                                  • Opcode ID: b25a0dcdf97d563b9153ddc70198164d8453106f1b1cd9031932cf08272d4a92
                                                                                                  • Instruction ID: 1599eac070163ea6d95472ce137ef5feb383934c9e656eca7de3b7938dfb5920
                                                                                                  • Opcode Fuzzy Hash: b25a0dcdf97d563b9153ddc70198164d8453106f1b1cd9031932cf08272d4a92
                                                                                                  • Instruction Fuzzy Hash: A0517F22A1878682FB708F25D4E536D2361FBA4B84F448176FA8D876A5DF3FD851C720
                                                                                                  Function 00007FF69E581794 Relevance: 1.6, APIs: 1, Instructions: 115COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: 2ab291a55beab11c367d4576895bfd1e9e111fb744aff405aebdba5253b71b00
                                                                                                  • Instruction ID: 8fe966eb59442f634f660499a586ca625e1b5c2e15943f22f032cf67c7b663ff
                                                                                                  • Opcode Fuzzy Hash: 2ab291a55beab11c367d4576895bfd1e9e111fb744aff405aebdba5253b71b00
                                                                                                  • Instruction Fuzzy Hash: 6C410862B28A8142EA249A17AA91379A351FF94FC0F448475FF4C87F5ADF3DD4518700
                                                                                                  Function 00007FF69E582F58 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: f5994b23863df56f13e19732c7b5392fac300bbdca5fd5cc38b58261a4c2634e
                                                                                                  • Instruction ID: 6d0a9d4a1e3544aa45bd8c7acc7caa5d08616b4a187393fe6ed1760da5f37f10
                                                                                                  • Opcode Fuzzy Hash: f5994b23863df56f13e19732c7b5392fac300bbdca5fd5cc38b58261a4c2634e
                                                                                                  • Instruction Fuzzy Hash: 0E412922A2870180EF349B29E1E53792361EFA5BD4F041175FA4D877AADF3EE440C720
                                                                                                  Function 00007FF69E5ABDF8 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                  • String ID:
                                                                                                  • API String ID: 3947729631-0
                                                                                                  • Opcode ID: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
                                                                                                  • Instruction ID: 5b9dc63cfb193f14b54e19ff528f89c4b3bdfa177d31887e33bef7f20fc46d2b
                                                                                                  • Opcode Fuzzy Hash: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
                                                                                                  • Instruction Fuzzy Hash: AF419D21E5864292EBB49B11D4F02782761EF74B50F4454B6FA0D876A1DF3FE88087B0
                                                                                                  Function 00007FF69E57129C Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 680105476-0
                                                                                                  • Opcode ID: 5c3fc0f1720a62962cfd68d86af4f4fa3b997526018769ff33dab12e8b863651
                                                                                                  • Instruction ID: 3cdab5a58355aba3cb2fa4d8c5bc5abb9e84b2f1c44ed5eff17f7c9d38d8772e
                                                                                                  • Opcode Fuzzy Hash: 5c3fc0f1720a62962cfd68d86af4f4fa3b997526018769ff33dab12e8b863651
                                                                                                  • Instruction Fuzzy Hash: 5A219522A0875185EA249F52A69027D6250FB24BF0F584770EF7EC7BD1DE7FE0618364
                                                                                                  Function 00007FF69E5B124C Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID:
                                                                                                  • API String ID: 3215553584-0
                                                                                                  • Opcode ID: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
                                                                                                  • Instruction ID: 9493f6e4d19e62f21fd315e97e59448e6accb6412bbbfa68f370746e62f7ea37
                                                                                                  • Opcode Fuzzy Hash: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
                                                                                                  • Instruction Fuzzy Hash: F8115E32D1C64286F7709F52A5E0639B2A4FF60380F5801B5FA8DC7695DF2EE8408724
                                                                                                  Function 00007FF69E573AD8 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: d36793c31387f104dd38dd6a9dfed600e2c4ae88e6f2c17daf49c6767410ecdf
                                                                                                  • Instruction ID: ddecd96c0f5e4727144b4886bbed9293c897eb434c85e1143eba9a8bd01fadb8
                                                                                                  • Opcode Fuzzy Hash: d36793c31387f104dd38dd6a9dfed600e2c4ae88e6f2c17daf49c6767410ecdf
                                                                                                  • Instruction Fuzzy Hash: 0D01C462E1868581EA319729E4E12297361FFE9BA0F409271FA9C47AA6DF2ED1408714
                                                                                                  Function 00007FF69E5A1558 Relevance: 1.5, APIs: 1, Instructions: 38COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF69E5A1604: GetModuleHandleW.KERNEL32(?,?,?,00007FF69E5A1573,?,?,?,00007FF69E5A192A), ref: 00007FF69E5A162B
                                                                                                  • DloadProtectSection.DELAYIMP ref: 00007FF69E5A15C9
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DloadHandleModuleProtectSection
                                                                                                  • String ID:
                                                                                                  • API String ID: 2883838935-0
                                                                                                  • Opcode ID: 902d746097657f35995c40355b3f554eba39218e3fb79a70aefbb70b68ceb6fd
                                                                                                  • Instruction ID: b455c3858959001f41faea766a853fe9345ff7dd404ac8ffa7ffa75659ee88c4
                                                                                                  • Opcode Fuzzy Hash: 902d746097657f35995c40355b3f554eba39218e3fb79a70aefbb70b68ceb6fd
                                                                                                  • Instruction Fuzzy Hash: 1B11BEA4D4850761FB70AB19E9E03701350EF38358F1401F5F90DC63A1EE3EA495CA70
                                                                                                  Function 00007FF69E583EC8 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF69E5840BC: FindFirstFileW.KERNELBASE ref: 00007FF69E58410B
                                                                                                    • Part of subcall function 00007FF69E5840BC: FindFirstFileW.KERNELBASE ref: 00007FF69E58415E
                                                                                                    • Part of subcall function 00007FF69E5840BC: GetLastError.KERNEL32 ref: 00007FF69E5841AF
                                                                                                  • FindClose.KERNELBASE(?,?,00000000,00007FF69E590811), ref: 00007FF69E583EFD
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Find$FileFirst$CloseErrorLast
                                                                                                  • String ID:
                                                                                                  • API String ID: 1464966427-0
                                                                                                  • Opcode ID: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                                                                  • Instruction ID: 4d741b2a20b8602f9edf88fc3b7f2cd3f274762ee5707d558231d74fd3f3709b
                                                                                                  • Opcode Fuzzy Hash: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                                                                  • Instruction Fuzzy Hash: 70F0A46291824185EA20AB75A1911793760DB25BB4F1413B4FA3D472C7CE2DD844C765
                                                                                                  Function 00007FF69E58273C Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File
                                                                                                  • String ID:
                                                                                                  • API String ID: 749574446-0
                                                                                                  • Opcode ID: 7793d0dfaf1bed477703e517dfb550f1e48d00439aedf8bd4eeb9f79e866bcb3
                                                                                                  • Instruction ID: a79e4b2cb1433a66d1abd469ec3887d78820400bedf46bbbc96d4fd34b561cb1
                                                                                                  • Opcode Fuzzy Hash: 7793d0dfaf1bed477703e517dfb550f1e48d00439aedf8bd4eeb9f79e866bcb3
                                                                                                  • Instruction Fuzzy Hash: EFE0C216F2051582FF30AB3BC8A26791320EF9CFC4B4820B0EE4C87361CE3AD481CA10
                                                                                                  Function 00007FF69E582490 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileType
                                                                                                  • String ID:
                                                                                                  • API String ID: 3081899298-0
                                                                                                  • Opcode ID: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                                                                  • Instruction ID: 61b97c1b88491903d85fddb310b3d9fc7a2132590409bfa727134b60ee268ac5
                                                                                                  • Opcode Fuzzy Hash: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                                                                  • Instruction Fuzzy Hash: 6AD0C92AE19841D2E920967598A103C2250EFA6735FA427A1E63EC16E1CE1E9496A231
                                                                                                  Function 00007FF69E587FC4 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CurrentDirectory
                                                                                                  • String ID:
                                                                                                  • API String ID: 1611563598-0
                                                                                                  • Opcode ID: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
                                                                                                  • Instruction ID: 310b94209f6f42396e1d8c6808bd57214beee4f1c587b7683b4cca7c7bb95f73
                                                                                                  • Opcode Fuzzy Hash: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
                                                                                                  • Instruction Fuzzy Hash: BCC08C21F19902C1DA189B26C8D902813A4FB60B04B644074E10CC1130CE2ECAEA9355
                                                                                                  Function 00007FF69E5AFA04 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 4292702814-0
                                                                                                  • Opcode ID: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
                                                                                                  • Instruction ID: 51d4a2ee7a84c26000ec242026e70313a137a9752f55c4767af0a549ded487fa
                                                                                                  • Opcode Fuzzy Hash: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
                                                                                                  • Instruction Fuzzy Hash: 60F06D54B8960745FEB45E6199F13F41290EF79BA4F0C54B0E90ECABC1EE2EE6814230
                                                                                                  Function 00007FF69E5820D0 Relevance: 1.3, APIs: 1, Instructions: 29COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseHandle
                                                                                                  • String ID:
                                                                                                  • API String ID: 2962429428-0
                                                                                                  • Opcode ID: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                                                  • Instruction ID: 95ba6fe67cffea47ee4e2efbed7cb0394a2010793e463390eb01b7a717c2d5f4
                                                                                                  • Opcode Fuzzy Hash: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                                                  • Instruction Fuzzy Hash: 0AF02222E1828295FB708B30E0903782B61EB28BB8F2843B5F73C811C4CF29C895C721
                                                                                                  Function 00007FF69E5AD94C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 4292702814-0
                                                                                                  • Opcode ID: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                                                                  • Instruction ID: 48fb05b931ae075b35e6ef0c616f007614b3ed05b8be719dafea4ffdb1703384
                                                                                                  • Opcode Fuzzy Hash: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                                                                  • Instruction Fuzzy Hash: 03F05810B8920B49FF747AB158F03B41290DFA87B8F0816B0F92EC62D1DE2EE4808330

                                                                                                  Non-executed Functions

                                                                                                  Function 00007FF69E57C2F0 Relevance: 49.8, APIs: 24, Strings: 4, Instructions: 754fileCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseErrorFileHandleLastwcscpy$ControlCreateCurrentDeleteDeviceDirectoryProcessRemove
                                                                                                  • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                  • API String ID: 2659423929-3508440684
                                                                                                  • Opcode ID: 06daf32ec71af5be28d5ebbea321446fab7e236c627a8ebd1d3548b4ada623bc
                                                                                                  • Instruction ID: d8d8855706773217b75c79d865d71cc26d1d3dd564e638dbdd52569412cb74c5
                                                                                                  • Opcode Fuzzy Hash: 06daf32ec71af5be28d5ebbea321446fab7e236c627a8ebd1d3548b4ada623bc
                                                                                                  • Instruction Fuzzy Hash: D762F462F1864285FB20DB74D4E42BD2361EFA57A4F508271FA6D936E5DF3AD094C320
                                                                                                  Function 00007FF69E58F180 Relevance: 43.2, APIs: 22, Strings: 2, Instructions: 1205COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLoadString$Concurrency::cancel_current_taskInit_thread_footer
                                                                                                  • String ID: %ls$%s: %s
                                                                                                  • API String ID: 2539828978-2259941744
                                                                                                  • Opcode ID: 2558469245adfebd394a382959a1e83256cfe0ae662a2232536a91e5aa36abf2
                                                                                                  • Instruction ID: 3bb2a402eb6b81991226aa47938f27b34a61b601ec16724a978d992dfa07d2d1
                                                                                                  • Opcode Fuzzy Hash: 2558469245adfebd394a382959a1e83256cfe0ae662a2232536a91e5aa36abf2
                                                                                                  • Instruction Fuzzy Hash: D1B2EA62A5868282EA309B25D4E41FE6311FFE9790F504376F69D83BE6DF2ED540C720
                                                                                                  Function 00007FF69E5B2550 Relevance: 22.3, APIs: 8, Strings: 4, Instructions: 1310COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfomemcpy_s
                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                  • API String ID: 1759834784-2761157908
                                                                                                  • Opcode ID: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
                                                                                                  • Instruction ID: 816faa9f4955618cef0f3951feeb7c1e3c940131a41e44fb3007cb52d2e3473b
                                                                                                  • Opcode Fuzzy Hash: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
                                                                                                  • Instruction Fuzzy Hash: 03B23B76E081828BE7358E25D4A07FD3791FB68788F185135EA09E7B85DF7AE504CB20
                                                                                                  Function 00007FF69E581A48 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 375fileCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
                                                                                                  • String ID: rtmp
                                                                                                  • API String ID: 3587137053-870060881
                                                                                                  • Opcode ID: 9c3bb7f88da4111c64c98a90087a1f69369957be9c2dd9b46383191453a00ac9
                                                                                                  • Instruction ID: 0619056a66212f28761ca0362574c3901afb917148b1f1e1f91c3de53c9e737b
                                                                                                  • Opcode Fuzzy Hash: 9c3bb7f88da4111c64c98a90087a1f69369957be9c2dd9b46383191453a00ac9
                                                                                                  • Instruction Fuzzy Hash: C6F1E122B28A8281EB20CB65D5E01FD6761FBA53D4F501172FA4EC7AA9DF3DD484C760
                                                                                                  Function 00007FF69E585B60 Relevance: 12.3, APIs: 8, Instructions: 256COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 1693479884-0
                                                                                                  • Opcode ID: 94c40fc1776b877378c577d1225dc7de1713f847266351d9a4c2267181702c32
                                                                                                  • Instruction ID: 1b612a886dc5b40382975b3a214080aa7536ddb7d8c4e74e72d5d0d53e935e2a
                                                                                                  • Opcode Fuzzy Hash: 94c40fc1776b877378c577d1225dc7de1713f847266351d9a4c2267181702c32
                                                                                                  • Instruction Fuzzy Hash: 24A1C4A2F25A5184FE208B79D8A41BC2331EFA9BE4B145271EE6D97BD4DE3DE041C210
                                                                                                  Function 00007FF69E5A3170 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 3140674995-0
                                                                                                  • Opcode ID: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
                                                                                                  • Instruction ID: 2e5148a7aa1f51bf445537bce38271fb1f38e18a664d94ab18d7a1918ceadddb
                                                                                                  • Opcode Fuzzy Hash: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
                                                                                                  • Instruction Fuzzy Hash: 1D315272A08B819AEB708F64E8A03ED7360FB94758F444479EB4D87B99DF39D548C720
                                                                                                  Function 00007FF69E5A76D8 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 1239891234-0
                                                                                                  • Opcode ID: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
                                                                                                  • Instruction ID: 560e49b07ef211cde10abb5c33843668c91af7044dc8090f645f1855b22b264b
                                                                                                  • Opcode Fuzzy Hash: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
                                                                                                  • Instruction Fuzzy Hash: 5C316232608B8196DB608F25E8902AE73A0FB94754F540175FA9D83B59DF39D545CB10
                                                                                                  Function 00007FF69E571AA4 Relevance: 6.3, APIs: 4, Instructions: 285COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668304517-0
                                                                                                  • Opcode ID: f1c6c325f9f3faed7a740967ccba3cb284d408a97d6dcbce278d86fae0ae8c65
                                                                                                  • Instruction ID: 02430dbf68b43408dd0da8476e74291e39fbcd1bede603b8051e0fceedf19442
                                                                                                  • Opcode Fuzzy Hash: f1c6c325f9f3faed7a740967ccba3cb284d408a97d6dcbce278d86fae0ae8c65
                                                                                                  • Instruction Fuzzy Hash: 5CB10462B1468685EB209F25D9A02ED2361FFA97D4F409272FA4CC7B99DF3ED540C320
                                                                                                  Function 00007FF69E5AFA94 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF69E5AFAC4
                                                                                                    • Part of subcall function 00007FF69E5A7934: GetCurrentProcess.KERNEL32(00007FF69E5B0CCD), ref: 00007FF69E5A7961
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                                  • String ID: *?$.
                                                                                                  • API String ID: 2518042432-3972193922
                                                                                                  • Opcode ID: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
                                                                                                  • Instruction ID: f830848473da4ac9c92f771929c4caa1a6c0c0786b342be15f27c29caffb5732
                                                                                                  • Opcode Fuzzy Hash: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
                                                                                                  • Instruction Fuzzy Hash: 02510462B54B9985EB20DFA298A00BC63A4FB68BE8B444131EE1D57F85DF3DD0428330
                                                                                                  Function 00007FF69E5B2080 Relevance: 4.8, APIs: 3, Instructions: 340COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memcpy_s
                                                                                                  • String ID:
                                                                                                  • API String ID: 1502251526-0
                                                                                                  • Opcode ID: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                                                                  • Instruction ID: d473644ca65be18a82fb03d0eb6a46ece912266f72fa0642e3d0a38e2781bb74
                                                                                                  • Opcode Fuzzy Hash: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                                                                  • Instruction Fuzzy Hash: 0BD1A436F1828687DB34CF15B19466AB791FBA8784F188134EB4E97B44DE3DE841CB20
                                                                                                  Function 00007FF69E57B6D8 Relevance: 4.5, APIs: 3, Instructions: 36windowCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                  • String ID:
                                                                                                  • API String ID: 1365068426-0
                                                                                                  • Opcode ID: a471a066277b062fb6d5795c074c31564509aaa162255506b86b7e98d1a040a7
                                                                                                  • Instruction ID: 3991a7fd62e5702c15118d3989ba8504deb82e56a1094405c201ebb25a63e8f7
                                                                                                  • Opcode Fuzzy Hash: a471a066277b062fb6d5795c074c31564509aaa162255506b86b7e98d1a040a7
                                                                                                  • Instruction Fuzzy Hash: 6C016272A0C74682EB609F22B8E017A6392FB99BC0F084074FA8DC7B45DF3ED5148710
                                                                                                  Function 00007FF69E5AFCA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .
                                                                                                  • API String ID: 0-248832578
                                                                                                  • Opcode ID: 7c9d8364e7b62915daf92aecf888b4814fe01b6aae5fc02ec6e7aa2f3019df5b
                                                                                                  • Instruction ID: 845456f393ca7188a4364d8f5e9df261b8fc11355c09dba00e65dc3424734c29
                                                                                                  • Opcode Fuzzy Hash: 7c9d8364e7b62915daf92aecf888b4814fe01b6aae5fc02ec6e7aa2f3019df5b
                                                                                                  • Instruction Fuzzy Hash: 0E310A22B0869145E7709A26D8657A96B91FB64BF4F148235FE6C87FC6CE3DD5018320
                                                                                                  Function 00007FF69E5B5AF8 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionRaise_clrfp
                                                                                                  • String ID:
                                                                                                  • API String ID: 15204871-0
                                                                                                  • Opcode ID: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
                                                                                                  • Instruction ID: 656b3e1de08ce869fa0921b6a4d572d0ef2412e5f24264e0ea50f6a1fa9528f7
                                                                                                  • Opcode Fuzzy Hash: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
                                                                                                  • Instruction Fuzzy Hash: A8B170B3A10B848BEB29CF29C89636C37A1F744B48F198961EB5D877A4CF3AD451C710
                                                                                                  Function 00007FF69E598DF4 Relevance: 3.2, APIs: 2, Instructions: 186COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ObjectRelease$CapsDevice
                                                                                                  • String ID:
                                                                                                  • API String ID: 1061551593-0
                                                                                                  • Opcode ID: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
                                                                                                  • Instruction ID: 3db713e274dd151251a257cc5426ac98764687284512cbc8e3d01e6801bbc6a3
                                                                                                  • Opcode Fuzzy Hash: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
                                                                                                  • Instruction Fuzzy Hash: A4818B76F08A0596EB20CF6AD4A06AD7371FB98B88F505072EE0D97B64DF3AE144C350
                                                                                                  Function 00007FF69E59A2CC Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FormatInfoLocaleNumber
                                                                                                  • String ID:
                                                                                                  • API String ID: 2169056816-0
                                                                                                  • Opcode ID: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
                                                                                                  • Instruction ID: 1c56c5be9a51fbd97960f2f752c749e9b6cdea18b830941f3607c6cd46936155
                                                                                                  • Opcode Fuzzy Hash: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
                                                                                                  • Instruction Fuzzy Hash: 2A11AF36A08B8195E771CF11E8A03E97360FFA8B44F848071EA4C83664DF3DD145C714
                                                                                                  Function 00007FF69E58126C Relevance: 1.7, APIs: 1, Instructions: 241COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF69E5824C0: CreateFileW.KERNELBASE ref: 00007FF69E58259B
                                                                                                    • Part of subcall function 00007FF69E5824C0: GetLastError.KERNEL32 ref: 00007FF69E5825AE
                                                                                                    • Part of subcall function 00007FF69E5824C0: CreateFileW.KERNEL32 ref: 00007FF69E58260E
                                                                                                    • Part of subcall function 00007FF69E5824C0: GetLastError.KERNEL32 ref: 00007FF69E582617
                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF69E5815D0
                                                                                                    • Part of subcall function 00007FF69E583980: MoveFileW.KERNEL32 ref: 00007FF69E5839BD
                                                                                                    • Part of subcall function 00007FF69E583980: MoveFileW.KERNEL32 ref: 00007FF69E583A34
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 34527147-0
                                                                                                  • Opcode ID: b0aa1eb98be44e56a116eefab8112d55a52bc6a2967c977d5e0ac11a1da27cd0
                                                                                                  • Instruction ID: 03d2dbcf037e77c52c724aeb3796840457d838d16abeae62d69dfbb5fb31c479
                                                                                                  • Opcode Fuzzy Hash: b0aa1eb98be44e56a116eefab8112d55a52bc6a2967c977d5e0ac11a1da27cd0
                                                                                                  • Instruction Fuzzy Hash: 6891E126B28A4282EB20DB62D5A42BE6361FB64BC4F405072FE0DC7B95DF3ED545C720
                                                                                                  Function 00007FF69E584EB0 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Version
                                                                                                  • String ID:
                                                                                                  • API String ID: 1889659487-0
                                                                                                  • Opcode ID: 5e1f820920c456f15e44ae9d5f0cc3b6f822566f542002a6e47536c5256bfc9c
                                                                                                  • Instruction ID: 03186ad97148ea80979197bdcfb897e1299f38692a242a9b716c743151b515f2
                                                                                                  • Opcode Fuzzy Hash: 5e1f820920c456f15e44ae9d5f0cc3b6f822566f542002a6e47536c5256bfc9c
                                                                                                  • Instruction Fuzzy Hash: 7D01BC3195D58286FA318720A4B03B53791DBB9306F4401B9E98C83391CF2EA888CB30
                                                                                                  Function 00007FF69E5A8C1C Relevance: 1.5, Strings: 1, Instructions: 219COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID: 0
                                                                                                  • API String ID: 3215553584-4108050209
                                                                                                  • Opcode ID: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
                                                                                                  • Instruction ID: 17d405fa118c67ec67f5dee8557acbecb120c928d1952d5e5a1cade20a4e0ed4
                                                                                                  • Opcode Fuzzy Hash: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
                                                                                                  • Instruction Fuzzy Hash: B2812921A58342A2EBB88A2590E867D23A0EF70764F9415B1FD09CB795CF3FE845C730
                                                                                                  Function 00007FF69E5A89A0 Relevance: 1.4, Strings: 1, Instructions: 199COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID: 0
                                                                                                  • API String ID: 3215553584-4108050209
                                                                                                  • Opcode ID: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
                                                                                                  • Instruction ID: be92698aa4922de70abfac7605ab550f8934b9ccb1d472dc45f9e0a57a5bf6b0
                                                                                                  • Opcode Fuzzy Hash: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
                                                                                                  • Instruction Fuzzy Hash: 7C716821A4C24666FB788E1850EC27D2390EF61734F9815B1FD09C76C6CE2FE8468730
                                                                                                  Function 00007FF69E58C96C Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: gj
                                                                                                  • API String ID: 0-4203073231
                                                                                                  • Opcode ID: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
                                                                                                  • Instruction ID: 2d562ea8a414c7e1cb13ff806069009172c2dae40775b7e3ffbcfe5f98ded0c0
                                                                                                  • Opcode Fuzzy Hash: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
                                                                                                  • Instruction Fuzzy Hash: 5B51A037B286908BD724CF25E450A9EB3A5F388798F445126FF4A93B09CB39E945CF40
                                                                                                  Function 00007FF69E5AC838 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @
                                                                                                  • API String ID: 0-2766056989
                                                                                                  • Opcode ID: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
                                                                                                  • Instruction ID: 9d63504eb6c51edaf27a3531d99f3e911e11cc7828a67e2572ea4eec1388064a
                                                                                                  • Opcode Fuzzy Hash: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
                                                                                                  • Instruction Fuzzy Hash: 8A41DD22714A45CAEF54CF2AE4A42A973A5F768FD4B4D9036EE0D9B754DE3DD042C310
                                                                                                  Function 00007FF69E5B0D20 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HeapProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 54951025-0
                                                                                                  • Opcode ID: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                                                                  • Instruction ID: 83aa2e12759fd137f8ee1246bc2f56228d852b03429ba625a43e4295f0746296
                                                                                                  • Opcode Fuzzy Hash: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                                                                  • Instruction Fuzzy Hash: B1B09224E17A02C2EA182B156CE229822A4FF68710F9890B9E10C81320DE3E20E54720
                                                                                                  Function 00007FF69E593964 Relevance: .9, Instructions: 931COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1df1e6e81a57214c8643d36be1bb9cde3812740f73d4ab830297bee2ffae98a2
                                                                                                  • Instruction ID: cd352741b2c5448d6d0105d08a3b2c47e0e896b5bbca422bf0a36b435c967e2f
                                                                                                  • Opcode Fuzzy Hash: 1df1e6e81a57214c8643d36be1bb9cde3812740f73d4ab830297bee2ffae98a2
                                                                                                  • Instruction Fuzzy Hash: B0823AF3A096C186D725CF24D4A42FC3BA1E765B84F598176EA4E87386DE3ED845C320
                                                                                                  Function 00007FF69E5776C0 Relevance: .9, Instructions: 893COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
                                                                                                  • Instruction ID: 0ff64523e5f3d95b03f12fec37e383a356d42d2d02613d4b16f2bbcf44611f8c
                                                                                                  • Opcode Fuzzy Hash: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
                                                                                                  • Instruction Fuzzy Hash: 85628D9AD3AF9A1EE303A53954131D2E35C0EF74C9551E31BFCE431E66EB92A6832314
                                                                                                  Function 00007FF69E5953F0 Relevance: .9, Instructions: 891COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 83a45c88a368d7276059de07aefbbc35b61cea5d64746511b72f3674958eea04
                                                                                                  • Instruction ID: ff4a91557aa00ce9c80935b80cb685cda3f621588a79eeb25ac86d0f320ef0c2
                                                                                                  • Opcode Fuzzy Hash: 83a45c88a368d7276059de07aefbbc35b61cea5d64746511b72f3674958eea04
                                                                                                  • Instruction Fuzzy Hash: 0B8201F2A096C08AD724CF28D4A46FC7B61F765B48F488176EA4D87789CE3ED459C720
                                                                                                  Function 00007FF69E58BB90 Relevance: .6, Instructions: 587COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
                                                                                                  • Instruction ID: 666887a51333aba031dc729ca6457258857df7809d947dfce564e49b6f3e4d9f
                                                                                                  • Opcode Fuzzy Hash: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
                                                                                                  • Instruction Fuzzy Hash: FE22E3B3B246508BD728CF25C89AE5E3766F798744B4B8228DF0ACB785DB39D505CB40
                                                                                                  Function 00007FF69E594B98 Relevance: .6, Instructions: 578COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
                                                                                                  • Instruction ID: 121bbf9b4c48372c2de3d1acb463c809fabe35a2037d9deaed6f0ac2c7d2c1c6
                                                                                                  • Opcode Fuzzy Hash: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
                                                                                                  • Instruction Fuzzy Hash: 8A32C1B2A042918BE728CF24D5A06FC37A1F764748F458179EA4A87B84DF3DEC65C760
                                                                                                  Function 00007FF69E577288 Relevance: .3, Instructions: 294COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
                                                                                                  • Instruction ID: 95c07dafa5b8f43b83bc8e1e6c49cf789cb77cde71e8571c2957481e545f6f10
                                                                                                  • Opcode Fuzzy Hash: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
                                                                                                  • Instruction Fuzzy Hash: 83C19DB7B281908FE360CF7AE440A9D3BB1F39878CB519125EF59A3B09D639D645CB40
                                                                                                  Function 00007FF69E592D58 Relevance: .3, Instructions: 268COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 602477e063b5c1ca901f2159ae3c7fc010244aaa433e93e1960e83d539d05e76
                                                                                                  • Instruction ID: 6b6d66e71c7d5cfae7a3e0ab860151688760a97ceb09b2018533ec3941760f4b
                                                                                                  • Opcode Fuzzy Hash: 602477e063b5c1ca901f2159ae3c7fc010244aaa433e93e1960e83d539d05e76
                                                                                                  • Instruction Fuzzy Hash: 50A147B7A0818186EB39CA24E4A47FD2781EBB5744F954175FE4D87786DE3EE881C320
                                                                                                  Function 00007FF69E58AF18 Relevance: .2, Instructions: 244COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e3f156a61251d3696a660eff3e2c5499dd818c979554cbf7ea7c30eccab92618
                                                                                                  • Instruction ID: b01671107573ef81d0a2d6a894dfeb245d3a4e06516059b014d3be7fb77aace1
                                                                                                  • Opcode Fuzzy Hash: e3f156a61251d3696a660eff3e2c5499dd818c979554cbf7ea7c30eccab92618
                                                                                                  • Instruction Fuzzy Hash: C2C11577A291E04DE302CBB5A4748FD3FF5E71E30DB4A4151EF9666B4AC5295201DB30
                                                                                                  Function 00007FF69E57A310 Relevance: .2, Instructions: 230COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc
                                                                                                  • String ID:
                                                                                                  • API String ID: 190572456-0
                                                                                                  • Opcode ID: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
                                                                                                  • Instruction ID: 5d92906aa16a9269a5b5e1f089ca0ad52325863e5d12e5566c5b21a2f9b2e573
                                                                                                  • Opcode Fuzzy Hash: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
                                                                                                  • Instruction Fuzzy Hash: 14914262B1858196EB21DF29D4A12FD6721FFA5788F441031FF4E87B4AEE3AD646C310
                                                                                                  Function 00007FF69E58B534 Relevance: .2, Instructions: 181COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
                                                                                                  • Instruction ID: 559008f1826d8a66b33f98a60dda4fe7c30696e17cafa180fbc158c84227afb3
                                                                                                  • Opcode Fuzzy Hash: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
                                                                                                  • Instruction Fuzzy Hash: FF61A927B281D048EB61CF3185604FD7FB5E729784B458072EF9A93646CE3EE105CB20
                                                                                                  Function 00007FF69E5921D0 Relevance: .1, Instructions: 137COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
                                                                                                  • Instruction ID: 80f1ae3f04473bc08974d4041bd8a1d3d3786b9be2781d2256f2ac3b95a52297
                                                                                                  • Opcode Fuzzy Hash: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
                                                                                                  • Instruction Fuzzy Hash: AB5111B3B181514BE7288F28F0647AD3751FBA8B48F848134EB4987689DE3EE945CB10
                                                                                                  Function 00007FF69E592AB0 Relevance: .1, Instructions: 112COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 525267a7f117e2089c634eae81b531c40420bccc1aa688f1dd99d62513960580
                                                                                                  • Instruction ID: 9bd6b1dfac51902a3381e8bc35ad27c0e6a4f24a596118bd0d5e386d71bd088e
                                                                                                  • Opcode Fuzzy Hash: 525267a7f117e2089c634eae81b531c40420bccc1aa688f1dd99d62513960580
                                                                                                  • Instruction Fuzzy Hash: DD31D2A2A185814BD728DE16A6A02BE67D1F764340F448139EF4AC7B42DE7DE445C710
                                                                                                  Function 00007FF69E58DC70 Relevance: .0, Instructions: 39COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6a4fac86f8f1a6b9d8c17b4c2881c5c96027003405599c7815143c772f625e0d
                                                                                                  • Instruction ID: f85b697a6e942d6ac5fffba54125b646f1dfd126096cbc5e1af171854ea45638
                                                                                                  • Opcode Fuzzy Hash: 6a4fac86f8f1a6b9d8c17b4c2881c5c96027003405599c7815143c772f625e0d
                                                                                                  • Instruction Fuzzy Hash: 5DF0DA72F3C00743FB78002858AA33910DADB31310F5448B5F31BC62C5DDAFA8811329
                                                                                                  Function 00007FF69E5A3354 Relevance: .0, Instructions: 2COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e57e15d0ab639cfe726454a8769b7378f2b682ff734fe90589bfb13db1bf513a
                                                                                                  • Instruction ID: 3f73ccdbb12b8fbba202d2d2758b56ca31afe7daaf288ea0db479e6a07cd1cf8
                                                                                                  • Opcode Fuzzy Hash: e57e15d0ab639cfe726454a8769b7378f2b682ff734fe90589bfb13db1bf513a
                                                                                                  • Instruction Fuzzy Hash: 4BA0016194C842E0E6648B10A8F00746620FB60714F5810B2F00D810A59E2EA401C220
                                                                                                  Function 00007FF69E57D7D0 Relevance: 26.3, APIs: 1, Strings: 14, Instructions: 98COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
                                                                                                  • API String ID: 3668304517-727060406
                                                                                                  • Opcode ID: 9722f19d9730c17eaeca2eefbf6c05556aeae8c55d78850e8e2a1aeae63cce70
                                                                                                  • Instruction ID: 5848505ff407897f79ee7dd8c2aab1219548ff139e836c904ddf922394d05df6
                                                                                                  • Opcode Fuzzy Hash: 9722f19d9730c17eaeca2eefbf6c05556aeae8c55d78850e8e2a1aeae63cce70
                                                                                                  • Instruction Fuzzy Hash: 45413B76B15F01A8EB208F60D4A03E833B5FB28794F445176EA4C87768EF3AD565C360
                                                                                                  Function 00007FF69E5A2A10 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 61libraryloaderCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                  • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                  • API String ID: 2565136772-3242537097
                                                                                                  • Opcode ID: 6e1e709f092c3aabc6fb1c9db3d7c09c3ef1a4a7bf2af41e7ac9402dec2f511f
                                                                                                  • Instruction ID: c562f8f01d990e9be1cbb9062ec6615a06391b386f96a65fc50a3ec43f2b54aa
                                                                                                  • Opcode Fuzzy Hash: 6e1e709f092c3aabc6fb1c9db3d7c09c3ef1a4a7bf2af41e7ac9402dec2f511f
                                                                                                  • Instruction Fuzzy Hash: 71212168E5DB43A1FA749B51E9F517423A0EF78790F5810B5F90EC26A0DE7EA485C330
                                                                                                  Function 00007FF69E586A0C Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 444COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                  • String ID: DXGIDebug.dll$UNC$\\?\
                                                                                                  • API String ID: 4097890229-4048004291
                                                                                                  • Opcode ID: fb1ac769355281392679e6cccb69878fe575312718547a0a82cc4cd56cbd4b61
                                                                                                  • Instruction ID: 46e629c43eba884a8c0d53effc0e4f8207dfa78a2b46b60b581fc512c050ebe3
                                                                                                  • Opcode Fuzzy Hash: fb1ac769355281392679e6cccb69878fe575312718547a0a82cc4cd56cbd4b61
                                                                                                  • Instruction Fuzzy Hash: 2E120122B28B4284EF20CB64D0A41BD6371EBA1B98F504271EB5D87BE9DF7ED545C360
                                                                                                  Function 00007FF69E59A440 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 257COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskDialog
                                                                                                  • String ID: GETPASSWORD1$Software\WinRAR SFX
                                                                                                  • API String ID: 431506467-1315819833
                                                                                                  • Opcode ID: 7882e024c9b819478201ce71fd32b12efab10176d06f444255a33135c55d9ff8
                                                                                                  • Instruction ID: c1630139faea4b72e76f6f2cc4d79aa037a8b923e0e14fb439818a9ce1ba9b41
                                                                                                  • Opcode Fuzzy Hash: 7882e024c9b819478201ce71fd32b12efab10176d06f444255a33135c55d9ff8
                                                                                                  • Instruction Fuzzy Hash: 22B1D2A6F1974285FB209B64D4A52FC2372EF55394F404275EE1CA6ADAEE3EE045C320
                                                                                                  Function 00007FF69E596E80 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 204memoryCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Global$AllocCreateStream
                                                                                                  • String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                  • API String ID: 2868844859-1533471033
                                                                                                  • Opcode ID: b0a568968ba406e2562f5405558042a856f124114ebc2f236df8f8f8fbeda86d
                                                                                                  • Instruction ID: ce0f780843be91928121d5bf2ab604911717bd77ac1843e7c26949491f4d49c9
                                                                                                  • Opcode Fuzzy Hash: b0a568968ba406e2562f5405558042a856f124114ebc2f236df8f8f8fbeda86d
                                                                                                  • Instruction Fuzzy Hash: 3F81E662F18A0285FB20DBB5D4A01FC2371EF69794F844176EE1D976A9DE3ED50AC320
                                                                                                  Function 00007FF69E5AE650 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                  • API String ID: 3215553584-2617248754
                                                                                                  • Opcode ID: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
                                                                                                  • Instruction ID: 16dc00ee50215fe432193ffa2e14ed848367ebb563239a68fa10b758935faf75
                                                                                                  • Opcode Fuzzy Hash: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
                                                                                                  • Instruction Fuzzy Hash: FC41C132A05B4189F720CF65E8A17E933A4EB24398F044576EE4C87B54DE3ED065C364
                                                                                                  Function 00007FF69E59F390 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85windowCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$MessageObjectSend$ClassDeleteLongName
                                                                                                  • String ID: STATIC
                                                                                                  • API String ID: 2845197485-1882779555
                                                                                                  • Opcode ID: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
                                                                                                  • Instruction ID: 32b381f6b20d5054401851de3f3d255f24be3f2d9af5ba72af9a54705c363457
                                                                                                  • Opcode Fuzzy Hash: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
                                                                                                  • Instruction Fuzzy Hash: A831D465B08B4282FA709B12A5A07F923A1FFA8BC0F854071ED4D87B45DF3EE4468760
                                                                                                  Function 00007FF69E59AE90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ItemTextWindow
                                                                                                  • String ID: LICENSEDLG
                                                                                                  • API String ID: 2478532303-2177901306
                                                                                                  • Opcode ID: 35fefc179f922e98870b8a3b257cf5e504c5ed53f195972dc606f5139ed8380b
                                                                                                  • Instruction ID: 5247a403b2e2d5cb71d714303912d20c90e1ec14489b59e2553cf71c8c459f7a
                                                                                                  • Opcode Fuzzy Hash: 35fefc179f922e98870b8a3b257cf5e504c5ed53f195972dc606f5139ed8380b
                                                                                                  • Instruction Fuzzy Hash: 8D41B269F0861282FB709B11E8B47B92361EFA4B84F4481B5F90D83B95CF3EE585C320
                                                                                                  Function 00007FF69E58B9B4 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 84libraryloaderCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc$CurrentDirectoryProcessSystem
                                                                                                  • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                                                                  • API String ID: 2915667086-2207617598
                                                                                                  • Opcode ID: 6794cfd2df2083ddb130d433e4ca33b69faefb70ddab7dfcfa84983386d80e8a
                                                                                                  • Instruction ID: cbbbbf755426bba48d6e0fc17b93fde571fe2c74345b3b1e368de5393b8b5d68
                                                                                                  • Opcode Fuzzy Hash: 6794cfd2df2083ddb130d433e4ca33b69faefb70ddab7dfcfa84983386d80e8a
                                                                                                  • Instruction Fuzzy Hash: 39316D28E1DB0690FA748B11E8F817527A4EF64B90F4851B6F84D833A4EE3FE5818320
                                                                                                  Function 00007FF69E5987D8 Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 415COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: $
                                                                                                  • API String ID: 3668304517-227171996
                                                                                                  • Opcode ID: d36d35de43213f8ad8c7125845a4b947406c7f49c70316df392fd487e7cb45ba
                                                                                                  • Instruction ID: 8aab97aacb275e4a91d88ec78d8def9f790dd63252d0547597192e1ef632af6d
                                                                                                  • Opcode Fuzzy Hash: d36d35de43213f8ad8c7125845a4b947406c7f49c70316df392fd487e7cb45ba
                                                                                                  • Instruction Fuzzy Hash: 52F1F2A2F15B4250EE249B64D5E41FC2362EB64BA8F805271EB2D977D5DF7EE080C360
                                                                                                  Function 00007FF69E5A57EC Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 317COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                                                  • String ID: csm$csm$csm
                                                                                                  • API String ID: 2940173790-393685449
                                                                                                  • Opcode ID: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
                                                                                                  • Instruction ID: 2f04c8d473aa254281317a52bac2c59852f7e7ac555ec9d5e6e6696267fc17b6
                                                                                                  • Opcode Fuzzy Hash: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
                                                                                                  • Instruction Fuzzy Hash: 2AE1BFB29487828AE7309F64D4E07AD7BA0FB64768F140175EB8D87696CF39E485C720
                                                                                                  Function 00007FF69E584F38 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 158COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocClearStringVariant
                                                                                                  • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                                  • API String ID: 1959693985-3505469590
                                                                                                  • Opcode ID: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
                                                                                                  • Instruction ID: c580a2f1d7ac8c3b4c81ca6f182c2ff64f0d864ddf9ae28b9c6812a947974c89
                                                                                                  • Opcode Fuzzy Hash: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
                                                                                                  • Instruction Fuzzy Hash: 89715A76A14A0595EB20CF25E8E05AD37B0FBA8B98F045172EE4E83BA4DF3ED544C310
                                                                                                  Function 00007FF69E5A72EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF69E5A74F3,?,?,?,00007FF69E5A525E,?,?,?,00007FF69E5A5219), ref: 00007FF69E5A7371
                                                                                                  • GetLastError.KERNEL32(?,?,00000000,00007FF69E5A74F3,?,?,?,00007FF69E5A525E,?,?,?,00007FF69E5A5219), ref: 00007FF69E5A737F
                                                                                                  • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF69E5A74F3,?,?,?,00007FF69E5A525E,?,?,?,00007FF69E5A5219), ref: 00007FF69E5A73A9
                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF69E5A74F3,?,?,?,00007FF69E5A525E,?,?,?,00007FF69E5A5219), ref: 00007FF69E5A73EF
                                                                                                  • GetProcAddress.KERNEL32(?,?,00000000,00007FF69E5A74F3,?,?,?,00007FF69E5A525E,?,?,?,00007FF69E5A5219), ref: 00007FF69E5A73FB
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                  • String ID: api-ms-
                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                  • Opcode ID: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
                                                                                                  • Instruction ID: 834e987f893f110b70b3e3915617aa11f5103dead2a36438a9eb7dd832a3bd00
                                                                                                  • Opcode Fuzzy Hash: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
                                                                                                  • Instruction Fuzzy Hash: A531C521A5A64291EE319B06A8A057523D4FF64BB0F5A4576FD1DCB3A0EF3EE0508730
                                                                                                  Function 00007FF69E5A1604 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 43libraryloaderCOMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,00007FF69E5A1573,?,?,?,00007FF69E5A192A), ref: 00007FF69E5A162B
                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF69E5A1573,?,?,?,00007FF69E5A192A), ref: 00007FF69E5A1648
                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF69E5A1573,?,?,?,00007FF69E5A192A), ref: 00007FF69E5A1664
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                  • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                  • API String ID: 667068680-1718035505
                                                                                                  • Opcode ID: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                                                                                  • Instruction ID: 197d5e66d058b2bc8f0b93f02e79f99f3bc3ce1d1f11e686e4c2cf87d3196fe8
                                                                                                  • Opcode Fuzzy Hash: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                                                                                  • Instruction Fuzzy Hash: A3115260E4AB42A1FD744B01A6E02741295EF287A0F4C54B5E81ECBB51EE7EB484C630
                                                                                                  Function 00007FF69E58ED24 Relevance: 9.1, APIs: 6, Instructions: 120timeCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF69E5851A4: GetVersionExW.KERNEL32 ref: 00007FF69E5851D5
                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF69E575AB4), ref: 00007FF69E58ED8C
                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF69E575AB4), ref: 00007FF69E58ED98
                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF69E575AB4), ref: 00007FF69E58EDA8
                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF69E575AB4), ref: 00007FF69E58EDB6
                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF69E575AB4), ref: 00007FF69E58EDC4
                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF69E575AB4), ref: 00007FF69E58EE05
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Time$File$System$Local$SpecificVersion
                                                                                                  • String ID:
                                                                                                  • API String ID: 2092733347-0
                                                                                                  • Opcode ID: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                                                                                  • Instruction ID: 6073244009921c2a117563b5bda35da68fc6f705701152534cf3f86945935f66
                                                                                                  • Opcode Fuzzy Hash: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                                                                                  • Instruction Fuzzy Hash: 67518DB2F106518AEB14CF64D8900AC77B1F758B88B64803AEE0D97B58DF39E545C710
                                                                                                  Function 00007FF69E58F010 Relevance: 9.1, APIs: 6, Instructions: 80timeCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Time$File$System$Local$SpecificVersion
                                                                                                  • String ID:
                                                                                                  • API String ID: 2092733347-0
                                                                                                  • Opcode ID: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                                                                                  • Instruction ID: bb91184798d98d4f887038f23c57ecf5a55f74c3b80da768c84d98b6de6f05df
                                                                                                  • Opcode Fuzzy Hash: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                                                                                  • Instruction Fuzzy Hash: 7F315962F10A51DEFB14CFB5E8911AC7370FB18758B54502AEE0EA3A58EF38D895C720
                                                                                                  Function 00007FF69E587918 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 233COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: .rar$exe$rar$sfx
                                                                                                  • API String ID: 3668304517-630704357
                                                                                                  • Opcode ID: 97aafd44a7caf21700e2098a6ceb5321661423453e734b1945fa1e7d2bcd8431
                                                                                                  • Instruction ID: 49f109b913df0098c25bc38e15d5755490a29441b84d0aea07527439386cdbb6
                                                                                                  • Opcode Fuzzy Hash: 97aafd44a7caf21700e2098a6ceb5321661423453e734b1945fa1e7d2bcd8431
                                                                                                  • Instruction Fuzzy Hash: 10A1B122A24A0650EB20DB25D8E52BC2361FF64BA8F445271FE1DC76E5DF3EE591C360
                                                                                                  Function 00007FF69E5A5CE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 191COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: abort$CallEncodePointerTranslator
                                                                                                  • String ID: MOC$RCC
                                                                                                  • API String ID: 2889003569-2084237596
                                                                                                  • Opcode ID: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                                                                  • Instruction ID: 489f5d57e92919ef0289188aa2c81216c41778be4aee4123f3c0e306fcc664f2
                                                                                                  • Opcode Fuzzy Hash: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                                                                  • Instruction Fuzzy Hash: 5191D2B3A08B818AE720CB64E4906AD7BA0FB14798F144179FF4C97B59DF39D195CB20
                                                                                                  Function 00007FF69E5A4F80 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                  • String ID: csm$f
                                                                                                  • API String ID: 2395640692-629598281
                                                                                                  • Opcode ID: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
                                                                                                  • Instruction ID: bca7acd3903fadc011fbc426f25f5c47e94344b4d1fd3e3b0999e6b16ba368d6
                                                                                                  • Opcode Fuzzy Hash: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
                                                                                                  • Instruction Fuzzy Hash: FF51F572B4960286DB24CF11E490E393796FB60BA8F5080B4FA5E87748DF7AE841C770
                                                                                                  Function 00007FF69E57CEE0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 139COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$CloseCurrentHandleProcess
                                                                                                  • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                  • API String ID: 2102711378-639343689
                                                                                                  • Opcode ID: 87299e3d8371150436d20a5d335114172b85ee8c064b133af49689baa0f6dc88
                                                                                                  • Instruction ID: 41ea17a9320ac298fe713f65735f35a4c7a0a610deb3d7bcfbff65d552cfb35b
                                                                                                  • Opcode Fuzzy Hash: 87299e3d8371150436d20a5d335114172b85ee8c064b133af49689baa0f6dc88
                                                                                                  • Instruction Fuzzy Hash: AC510262F0864285FB20DB60D8E52BD2361EFA57A4F0051B1EE4D93696EE3EE495C320
                                                                                                  Function 00007FF69E597B28 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 122COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$Show$Rect
                                                                                                  • String ID: RarHtmlClassName
                                                                                                  • API String ID: 2396740005-1658105358
                                                                                                  • Opcode ID: 7f8a0b662af83a4f47b362c37f36e9414f73daccdb18f375bc1ce0a7ee57f15d
                                                                                                  • Instruction ID: 29079828c108c5d2f0b387c70641298dad24550427dae90b4f2f8cfeec606d33
                                                                                                  • Opcode Fuzzy Hash: 7f8a0b662af83a4f47b362c37f36e9414f73daccdb18f375bc1ce0a7ee57f15d
                                                                                                  • Instruction Fuzzy Hash: 5051B766A08B4186EB34DF21E4A437A63A1FFA5780F444476FE4E83B65DF3EE0458720
                                                                                                  Function 00007FF69E59FED4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 52COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                  • API String ID: 0-56093855
                                                                                                  • Opcode ID: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
                                                                                                  • Instruction ID: cb9904cae2edbca8c8662bacdd2bf6f671317f92678b6f68bea361051cee8b25
                                                                                                  • Opcode Fuzzy Hash: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
                                                                                                  • Instruction Fuzzy Hash: EE21EA69908B4791FA319B15B8E41B463A1FB69B88FA400B6F94DC7364DE3EE1C4C370
                                                                                                  Function 00007FF69E5ABFB0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                  • Opcode ID: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
                                                                                                  • Instruction ID: be0276ba96ff04e92c0fc9a8bdd19d0975655a331b5a94de61c7097090af8b8c
                                                                                                  • Opcode Fuzzy Hash: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
                                                                                                  • Instruction Fuzzy Hash: 0FF06221E19A4291EF648F11F4E027D63A4FFA8794F482075F94F86664DE3EE484C720
                                                                                                  Function 00007FF69E5B45C0 Relevance: 7.7, APIs: 5, Instructions: 203COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID:
                                                                                                  • API String ID: 3215553584-0
                                                                                                  • Opcode ID: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
                                                                                                  • Instruction ID: 9547fe2ba74311729c1de10e9517eced7dee723a583073f17a6001ca728f6b4e
                                                                                                  • Opcode Fuzzy Hash: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
                                                                                                  • Instruction Fuzzy Hash: EF81E022E1865245F7309F6588E06BD27A4FB65B98F0841B5FD0E93795EF3EA842C730
                                                                                                  Function 00007FF69E583AF8 Relevance: 7.7, APIs: 5, Instructions: 164filetimeCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 2398171386-0
                                                                                                  • Opcode ID: 6680a8ae6a6522cd62912201e70e8bb28995b8f6d908c9164d6c450c0857e8b8
                                                                                                  • Instruction ID: d18b00f661b2c506067a163fcba54191c7849c5e3650a216805bf38e366a5aba
                                                                                                  • Opcode Fuzzy Hash: 6680a8ae6a6522cd62912201e70e8bb28995b8f6d908c9164d6c450c0857e8b8
                                                                                                  • Instruction Fuzzy Hash: F551D272F28A4259FB70CB65E8A02BD2371EF687A8F044675EE1D867D5EE3994058310
                                                                                                  Function 00007FF69E5B3F34 Relevance: 7.6, APIs: 5, Instructions: 142fileCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                                  • String ID:
                                                                                                  • API String ID: 3659116390-0
                                                                                                  • Opcode ID: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
                                                                                                  • Instruction ID: b09c01ba75accd9741ad5d7a6edb7809b3d691e88bb2ea594ed0f962d106afdb
                                                                                                  • Opcode Fuzzy Hash: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
                                                                                                  • Instruction Fuzzy Hash: FA51D232E18A5185E720CF65D4A03AC3BB1FB68798F088135EE4E97B98DF39D545C720
                                                                                                  Function 00007FF69E5A1E00 Relevance: 7.6, APIs: 5, Instructions: 137memoryCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$AllocString
                                                                                                  • String ID:
                                                                                                  • API String ID: 262959230-0
                                                                                                  • Opcode ID: b7eca4d0914b4f3ce7b9457829877c74e6e00994a5cd88f9d96bed53318f8e63
                                                                                                  • Instruction ID: 149e91873aca1036381bb2f0b0f901813005519e409f980ab4793797366df73a
                                                                                                  • Opcode Fuzzy Hash: b7eca4d0914b4f3ce7b9457829877c74e6e00994a5cd88f9d96bed53318f8e63
                                                                                                  • Instruction Fuzzy Hash: C141D261A4968689EB249F2195A02B82391EF28BF4F184674FA6DC77D5DF3EE041C330
                                                                                                  Function 00007FF69E5AF414 Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc
                                                                                                  • String ID:
                                                                                                  • API String ID: 190572456-0
                                                                                                  • Opcode ID: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
                                                                                                  • Instruction ID: 9979987131eab0d9e870c353cbf26bfc6c2cc433e65e4e62a4bd1cd6867247eb
                                                                                                  • Opcode Fuzzy Hash: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
                                                                                                  • Instruction Fuzzy Hash: 5641B362B09A4292FE759F12A8A05756395FF28BE0F094575ED1DCBB44EE3EE4408330
                                                                                                  Function 00007FF69E5B56D8 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _set_statfp
                                                                                                  • String ID:
                                                                                                  • API String ID: 1156100317-0
                                                                                                  • Opcode ID: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
                                                                                                  • Instruction ID: c6c6cc99c0ab9a0ea7c8811c1ab678a96b11d8cfdfc575b72218f8c8d619b62a
                                                                                                  • Opcode Fuzzy Hash: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
                                                                                                  • Instruction Fuzzy Hash: 1B118BB6F18A0781F67D1124E5E23790143FF653E0E5C42B0FA7ECA6D68E2EE4444225
                                                                                                  Function 00007FF69E59FE24 Relevance: 7.5, APIs: 5, Instructions: 29windowsynchronizationCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                                                                  • String ID:
                                                                                                  • API String ID: 3621893840-0
                                                                                                  • Opcode ID: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
                                                                                                  • Instruction ID: a7df5429aa1997e8c4a2a905b899232fa683813d8f26758da971894dde169d30
                                                                                                  • Opcode Fuzzy Hash: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
                                                                                                  • Instruction Fuzzy Hash: C4F04F25F3884682F7608770E4E4A7A2351FFB4B05F885071F54EC1994DE2DD189C720
                                                                                                  Function 00007FF69E5A625C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: __except_validate_context_recordabort
                                                                                                  • String ID: csm$csm
                                                                                                  • API String ID: 746414643-3733052814
                                                                                                  • Opcode ID: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
                                                                                                  • Instruction ID: 661f324d993b64708820dab6b4e1cad5e174696721d95db8841cdc0a6a45c902
                                                                                                  • Opcode Fuzzy Hash: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
                                                                                                  • Instruction Fuzzy Hash: 1171C1725086818ADB708F25D0E077D7BA1FB25BA8F1481B6EA4C87A85CF7DD491C760
                                                                                                  Function 00007FF69E5A80F4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID: $*
                                                                                                  • API String ID: 3215553584-3982473090
                                                                                                  • Opcode ID: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
                                                                                                  • Instruction ID: 471fcae6f0a32f66db53f99f1c75b5a92040e9f47ed3c041c46d2e2035f5948c
                                                                                                  • Opcode Fuzzy Hash: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
                                                                                                  • Instruction Fuzzy Hash: E651597298CA429AE7748E2894EC37C3BA1FF25B28F9411B5E64981299CF3ED441C735
                                                                                                  Function 00007FF69E5B1758 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$StringType
                                                                                                  • String ID: $%s
                                                                                                  • API String ID: 3586891840-3791308623
                                                                                                  • Opcode ID: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
                                                                                                  • Instruction ID: b953608fd8a082e80044797fb5c5231419f9d6a9cfe119fa06ee552bb0db8116
                                                                                                  • Opcode Fuzzy Hash: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
                                                                                                  • Instruction Fuzzy Hash: 22419222F14B818AEB718F25D9902A97391FB64BA8F4802B5FE1D877C5DF3DE4418360
                                                                                                  Function 00007FF69E5A66A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 117COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                                                                  • String ID: csm
                                                                                                  • API String ID: 2466640111-1018135373
                                                                                                  • Opcode ID: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
                                                                                                  • Instruction ID: da755dd22ca61997f5e73198de55bb60375c5ff8341fce69b82cdc67782f0e17
                                                                                                  • Opcode Fuzzy Hash: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
                                                                                                  • Instruction Fuzzy Hash: 4F518D7769874287D630AB56E0906AE77E4FB98BA0F040174EB8D87B55CF3DE460CB20
                                                                                                  Function 00007FF69E5B4360 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                                  • String ID: U
                                                                                                  • API String ID: 2456169464-4171548499
                                                                                                  • Opcode ID: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                                                                                  • Instruction ID: 9984cfef199bf843deaf75977d5e2c7b9e02914306443638a3fee6527e489654
                                                                                                  • Opcode Fuzzy Hash: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                                                                                  • Instruction Fuzzy Hash: 1741B322A18A8182DB308F25E4943B96761FBA8794F484131FE4DC7744EF7DD451C710
                                                                                                  Function 00007FF69E5990B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ObjectRelease
                                                                                                  • String ID:
                                                                                                  • API String ID: 1429681911-3916222277
                                                                                                  • Opcode ID: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
                                                                                                  • Instruction ID: 54087dd895260cfbcf109146c813def204994fec05f8f19a81d7a91164fd5178
                                                                                                  • Opcode Fuzzy Hash: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
                                                                                                  • Instruction Fuzzy Hash: FB317039B0874686EB14CF12B86872AB7A0F798FD1F018436ED4A93B54CE3DD089CB10
                                                                                                  Function 00007FF69E58E870 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • InitializeCriticalSection.KERNEL32(?,?,?,00007FF69E59317F,?,?,00001000,00007FF69E57E51D), ref: 00007FF69E58E8BB
                                                                                                  • CreateSemaphoreW.KERNEL32(?,?,?,00007FF69E59317F,?,?,00001000,00007FF69E57E51D), ref: 00007FF69E58E8CB
                                                                                                  • CreateEventW.KERNEL32(?,?,?,00007FF69E59317F,?,?,00001000,00007FF69E57E51D), ref: 00007FF69E58E8E4
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                  • String ID: Thread pool initialization failed.
                                                                                                  • API String ID: 3340455307-2182114853
                                                                                                  • Opcode ID: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
                                                                                                  • Instruction ID: d5f4193d98c55b0b3ef823f24aa59c9a85cbc4ef7f5ceb2c195faa852720ef62
                                                                                                  • Opcode Fuzzy Hash: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
                                                                                                  • Instruction Fuzzy Hash: E321A532E1A64186F7608F24D4A47AD32A2EBA4B0CF18C074DA0D8A295CF7F9455CBA4
                                                                                                  Function 00007FF69E5985E0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CapsDeviceRelease
                                                                                                  • String ID:
                                                                                                  • API String ID: 127614599-3916222277
                                                                                                  • Opcode ID: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
                                                                                                  • Instruction ID: bef1ba3ba31a35badfbccc53ef10f9f2181da8d4befb851f0b1a8b8ad4f47aa0
                                                                                                  • Opcode Fuzzy Hash: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
                                                                                                  • Instruction Fuzzy Hash: DBE08C24F0864182EB2857B6B5D902A2361EB4CBD0F168036EA1B83794CE3DC4C48310
                                                                                                  Function 00007FF69E57D1A8 Relevance: 6.2, APIs: 4, Instructions: 238timeCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$FileTime
                                                                                                  • String ID:
                                                                                                  • API String ID: 1137671866-0
                                                                                                  • Opcode ID: 627c5a9f6122236fca581521dc96f53263a68227a0f7261b17c8441fee41a660
                                                                                                  • Instruction ID: b5b9b6942a4fd0ecb269aabcee7e67f2f7173809ca59db71e1b336f2beb4ab7c
                                                                                                  • Opcode Fuzzy Hash: 627c5a9f6122236fca581521dc96f53263a68227a0f7261b17c8441fee41a660
                                                                                                  • Instruction Fuzzy Hash: 5BA10662A1878281EA30DB24D4E02BD6371FFA5794F409171FA4D83AE9DF3EE554C720
                                                                                                  Function 00007FF69E590548 Relevance: 6.1, APIs: 4, Instructions: 122COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast
                                                                                                  • String ID:
                                                                                                  • API String ID: 1452528299-0
                                                                                                  • Opcode ID: 5ed787d55209b7c8df3ee471615d716fc40756d92c62d9d0f6fb7c7bc11a0d97
                                                                                                  • Instruction ID: 0d8bc2fe45b40f81fbfd06c7db9db84ad6516556403fcc520df6481cf4b8b153
                                                                                                  • Opcode Fuzzy Hash: 5ed787d55209b7c8df3ee471615d716fc40756d92c62d9d0f6fb7c7bc11a0d97
                                                                                                  • Instruction Fuzzy Hash: 4F51E372F14A4699FB209B74D4A52FC2321EBA4BD8F404572FA1C97BD6DE2ED140C360
                                                                                                  Function 00007FF69E599D90 Relevance: 6.1, APIs: 4, Instructions: 106COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 1077098981-0
                                                                                                  • Opcode ID: ccc7d28b294f4e6884a1db5a4544c49550100c2123dc1ad4bd8ddaa1afcd3233
                                                                                                  • Instruction ID: 6f4c5fb37d986b16cfc91a83ed0adc6fadf33262e0e45ce2eff8ecaf34328f14
                                                                                                  • Opcode Fuzzy Hash: ccc7d28b294f4e6884a1db5a4544c49550100c2123dc1ad4bd8ddaa1afcd3233
                                                                                                  • Instruction Fuzzy Hash: 6E519432A18B4686E7608F21E4A43ADB374FB94B84F505076FA4D97B58DF3ED444CB20
                                                                                                  Function 00007FF69E5ADB5C Relevance: 6.1, APIs: 4, Instructions: 104COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                                  • String ID:
                                                                                                  • API String ID: 4141327611-0
                                                                                                  • Opcode ID: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                                                                                  • Instruction ID: 3962c483f5a37ff45a9496b56a0d54eed7d45594c2e5bf4bf0615288978e2957
                                                                                                  • Opcode Fuzzy Hash: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                                                                                  • Instruction Fuzzy Hash: FE419332A4864246F771AE1090F0379A690EFA0BB8F5481B1FB5D87A95DF6ED8418B30
                                                                                                  Function 00007FF69E583980 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileMove_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 3823481717-0
                                                                                                  • Opcode ID: 23c5bd100aa8ad673c958e7e4297408591e81b8e6a21f45797f9c77ad4370286
                                                                                                  • Instruction ID: 3f2813775cfa2a29063226fbc24ef1c4e9f7d877456553f8dfbf5aada3854057
                                                                                                  • Opcode Fuzzy Hash: 23c5bd100aa8ad673c958e7e4297408591e81b8e6a21f45797f9c77ad4370286
                                                                                                  • Instruction Fuzzy Hash: 4941BE62F24B5184FB10CF75E8E51AC2372FB54BA8B005271EE5DA6A9ADF7AD441C320
                                                                                                  Function 00007FF69E5B0B78 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF69E5AC45B), ref: 00007FF69E5B0B91
                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF69E5AC45B), ref: 00007FF69E5B0BF3
                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF69E5AC45B), ref: 00007FF69E5B0C2D
                                                                                                  • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF69E5AC45B), ref: 00007FF69E5B0C57
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                                  • String ID:
                                                                                                  • API String ID: 1557788787-0
                                                                                                  • Opcode ID: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
                                                                                                  • Instruction ID: 5acf7b1dc4acfd742e753a21ead44528e3033954d11654bb07d92fc803cf375e
                                                                                                  • Opcode Fuzzy Hash: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
                                                                                                  • Instruction Fuzzy Hash: 8A216131F18B51C2E6749F1264A0029B6A4FBA4BD0B4C4174EF8EA3BA4DF3DE4528314
                                                                                                  Function 00007FF69E5AD440 Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$abort
                                                                                                  • String ID:
                                                                                                  • API String ID: 1447195878-0
                                                                                                  • Opcode ID: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
                                                                                                  • Instruction ID: 54e17f95754000576aedeec8304c3f8d398f640294bb278230401e16f266b4bc
                                                                                                  • Opcode Fuzzy Hash: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
                                                                                                  • Instruction Fuzzy Hash: 1B012910F4960642FA787721A6F627812A1EF647A4F1448B8F91E83BD6ED6EB8004331
                                                                                                  Function 00007FF69E598590 Relevance: 6.0, APIs: 4, Instructions: 21COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CapsDevice$Release
                                                                                                  • String ID:
                                                                                                  • API String ID: 1035833867-0
                                                                                                  • Opcode ID: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
                                                                                                  • Instruction ID: bdd2e452dc599074f4c8a5586d53665cc4fd83e9413d48cf8451b091817cc0b9
                                                                                                  • Opcode Fuzzy Hash: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
                                                                                                  • Instruction Fuzzy Hash: 3DE01B64E0570542FF285B7168F91391250DF58B41F05847BE91FC6370DD3E90C5C724
                                                                                                  Function 00007FF69E57E34C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 176COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: DXGIDebug.dll
                                                                                                  • API String ID: 3668304517-540382549
                                                                                                  • Opcode ID: a2f12a1f2d19e067356e31001473a209d979b1ab48dc4af4c4bd396c09c0d7d4
                                                                                                  • Instruction ID: abe45f5dc80b25423ac00685aa37b55b28b4533652887babcead285477ada139
                                                                                                  • Opcode Fuzzy Hash: a2f12a1f2d19e067356e31001473a209d979b1ab48dc4af4c4bd396c09c0d7d4
                                                                                                  • Instruction Fuzzy Hash: 7371CD72A14B8182EB24CB25E5903ADB3A5FB68794F008236EBAD47B95DF39D061C310
                                                                                                  Function 00007FF69E5AE1F4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID: e+000$gfff
                                                                                                  • API String ID: 3215553584-3030954782
                                                                                                  • Opcode ID: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
                                                                                                  • Instruction ID: 0ddbec444af008c73628ed2d893a20db4d8595dc73fa67059605f0c3cefda347
                                                                                                  • Opcode Fuzzy Hash: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
                                                                                                  • Instruction Fuzzy Hash: BA512862B587C146E7348B75999136D6B92EB60BA0F08C271E79CC7BD5CE2EE484C720
                                                                                                  Function 00007FF69E589408 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                                                                                  • String ID: SIZE
                                                                                                  • API String ID: 449872665-3243624926
                                                                                                  • Opcode ID: 6775c6e5e0b050535fa3d5d92d2e2625b9409ae7efec724ba4f308c615c90b07
                                                                                                  • Instruction ID: bec0d08f2a368c4e860432bd2b32f89da3fd4a039c757f2a88025020a95609ec
                                                                                                  • Opcode Fuzzy Hash: 6775c6e5e0b050535fa3d5d92d2e2625b9409ae7efec724ba4f308c615c90b07
                                                                                                  • Instruction Fuzzy Hash: A441E962A2878255EE30DB14E4E13BD7350EFA57A0F504272FB9D826D9EE3ED540C720
                                                                                                  Function 00007FF69E5AC2C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                  • String ID: C:\Users\user\Desktop\J4zGPhVRV3.exe
                                                                                                  • API String ID: 3307058713-2084551466
                                                                                                  • Opcode ID: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                                                                                  • Instruction ID: e1c8e7d01eee8fa331dc4f0feeb807e8e957b6d038c15ce9532b0a55021781f8
                                                                                                  • Opcode Fuzzy Hash: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                                                                                  • Instruction Fuzzy Hash: E9417236A486528AEB34DF25A4A01BC7798EFA47E4F444076F94E87745DE3EE481C370
                                                                                                  Function 00007FF69E599B40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ItemText$DialogWindow
                                                                                                  • String ID: ASKNEXTVOL
                                                                                                  • API String ID: 445417207-3402441367
                                                                                                  • Opcode ID: d0a7277abea115b5451496591776496c59c44b7436eace80e69975e6a8ac9e23
                                                                                                  • Instruction ID: e81e8fc4978b6dd25d4eee6f6b9617b6a9f2399998e84481ead81284e5fac940
                                                                                                  • Opcode Fuzzy Hash: d0a7277abea115b5451496591776496c59c44b7436eace80e69975e6a8ac9e23
                                                                                                  • Instruction Fuzzy Hash: A9417461A1C64241FA309B12E9E02F963A1EFA5BC0F544075FE4D977A9DE3FE451C360
                                                                                                  Function 00007FF69E589638 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 84COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide_snwprintf
                                                                                                  • String ID: $%s$@%s
                                                                                                  • API String ID: 2650857296-834177443
                                                                                                  • Opcode ID: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                                                                                  • Instruction ID: 3d79ce2cae15245b8e3fdebee96b7fcf95203c068750d6d6d29efb249721c9ae
                                                                                                  • Opcode Fuzzy Hash: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                                                                                  • Instruction Fuzzy Hash: 4831E572B28A4685EA708F26D4A06F933A0FB65784F400072FE4D97799DE3EE505C750
                                                                                                  Function 00007FF69E5AEB04 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileHandleType
                                                                                                  • String ID: @
                                                                                                  • API String ID: 3000768030-2766056989
                                                                                                  • Opcode ID: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                                                                                  • Instruction ID: bb174aa425520c9507ad2e9f0b898445f478cd3e333ef45545fc7c162089fd52
                                                                                                  • Opcode Fuzzy Hash: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                                                                                  • Instruction Fuzzy Hash: BB21E622E48B8641EB708B2494E81382651EB65774F285377E66F877D4CE3ED8C1C330
                                                                                                  Function 00007FF69E5A4078 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF69E5A1D3E), ref: 00007FF69E5A40BC
                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF69E5A1D3E), ref: 00007FF69E5A4102
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                  • String ID: csm
                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                  • Opcode ID: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                                                                                  • Instruction ID: d6206fa971bba88e991eed5c68680165dece0a85a82e43e527da5dbf769f28cc
                                                                                                  • Opcode Fuzzy Hash: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                                                                                  • Instruction Fuzzy Hash: 66114F36A08B4182EB208F15E49026A77E1FB98B94F184271EF8D4B754DF3DD955C710
                                                                                                  Function 00007FF69E58EA5C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16synchronizationCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF69E58E95F,?,?,?,00007FF69E58463A,?,?,?), ref: 00007FF69E58EA63
                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF69E58E95F,?,?,?,00007FF69E58463A,?,?,?), ref: 00007FF69E58EA6E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLastObjectSingleWait
                                                                                                  • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                  • API String ID: 1211598281-2248577382
                                                                                                  • Opcode ID: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                                                                                  • Instruction ID: b636eeeaa1e39a6ea40dbcfb8ab3d6aaf1d3c35ce4dcf7c54843c7a7fcb40abc
                                                                                                  • Opcode Fuzzy Hash: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                                                                                  • Instruction Fuzzy Hash: B3E01A25E1A84292F660A7209CE647C2212FF717B4F9453B1F13EC21E19F2EA985C320
                                                                                                  Function 00007FF69E58A43C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1303898549.00007FF69E571000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF69E570000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.1303751308.00007FF69E570000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304582479.00007FF69E5B8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304793476.00007FF69E5D4000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.1304965670.00007FF69E5DE000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7ff69e570000_J4zGPhVRV3.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FindHandleModuleResource
                                                                                                  • String ID: RTL
                                                                                                  • API String ID: 3537982541-834975271
                                                                                                  • Opcode ID: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                                                                                  • Instruction ID: a988f4716ea1e75d810014abe3be94c78193be98337d72adf8077676c291c874
                                                                                                  • Opcode Fuzzy Hash: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                                                                                  • Instruction Fuzzy Hash: 69D05E91F1A64682FF395B71A8A93341250DF29B41F4C60B8D90E86395EE3EE088C760

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:0.4%
                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                  Signature Coverage:3.1%
                                                                                                  Total number of Nodes:581
                                                                                                  Total number of Limit Nodes:7
                                                                                                  execution_graph 2606 6c859640 2607 6c859852 _errno 2606->2607 2609 6c85966a 2606->2609 2608 6c859957 _errno 2608->2609 2609->2608 2521 6c4922c0 2522 6c4922e6 2521->2522 2523 6c492403 memcpy 2522->2523 2524 6c492447 memcpy 2522->2524 2523->2522 2524->2522 2616 6c491d00 2617 6c491d0f 2616->2617 2618 6c491d31 2617->2618 2620 6c495ac0 2617->2620 2621 6c495b35 2620->2621 2622 6c495ade 2620->2622 2621->2618 2624 6c495af3 2622->2624 2625 6c495b7f 2622->2625 2623 6c495b20 2626 6c7af7e0 4 API calls 2623->2626 2624->2623 2635 6c4ac8f0 2624->2635 2628 6c7af7e0 4 API calls 2625->2628 2626->2621 2630 6c8fef2a 2628->2630 2629 6c495b1a 2629->2623 2661 6c4af8b0 2629->2661 2631 6c7af7e0 4 API calls 2630->2631 2634 6c8fef3a 2631->2634 2633 6c7af7e0 4 API calls 2633->2634 2634->2633 2636 6c4aca2e 2635->2636 2637 6c4ac905 2635->2637 2640 6c58bfc0 10 API calls 2636->2640 2638 6c4ac91c 2637->2638 2639 6c4acac3 2637->2639 2646 6c4ac95a 2637->2646 2642 6c4ac928 2638->2642 2643 6c4aca75 2638->2643 2647 6c58bfc0 10 API calls 2639->2647 2641 6c4aca4f 2640->2641 2644 6c58c340 10 API calls 2641->2644 2645 6c4ac992 2642->2645 2655 6c4ac93d 2642->2655 2648 6c58bfc0 10 API calls 2643->2648 2644->2646 2650 6c58bfc0 10 API calls 2645->2650 2646->2629 2649 6c4acae4 2647->2649 2651 6c4aca9d 2648->2651 2652 6c58c340 10 API calls 2649->2652 2653 6c4ac9b7 2650->2653 2654 6c58c340 10 API calls 2651->2654 2652->2646 2656 6c58c340 10 API calls 2653->2656 2654->2646 2655->2646 2682 6c5402e0 2655->2682 2658 6c4ac9d3 2656->2658 2658->2629 2662 6c4af9a0 2661->2662 2663 6c4af8c6 2661->2663 2662->2623 2664 6c4af9e0 2663->2664 2665 6c4af975 2663->2665 2668 6c4af8d0 2663->2668 2666 6c4cd160 15 API calls 2664->2666 2670 6c4af952 2664->2670 2665->2670 2912 6c4cd160 2665->2912 2666->2668 2668->2670 2671 6c4afa70 2668->2671 2672 6c4af904 2668->2672 2670->2623 2673 6c4cd260 15 API calls 2671->2673 2674 6c4af918 2672->2674 2893 6c4cd260 2672->2893 2673->2670 2674->2670 2675 6c4cd260 15 API calls 2674->2675 2676 6c4af937 2674->2676 2675->2676 2676->2670 2677 6c4cd260 15 API calls 2676->2677 2678 6c4af940 2676->2678 2677->2678 2678->2670 2679 6c4cd260 15 API calls 2678->2679 2681 6c4af949 2678->2681 2679->2681 2680 6c4cd260 15 API calls 2680->2670 2681->2670 2681->2680 2683 6c5402ff 2682->2683 2685 6c4ac9e5 2683->2685 2705 6c5d4f80 GetLastError TlsGetValue SetLastError 2683->2705 2685->2646 2686 6c4a73d0 2685->2686 2687 6c4a74e0 2686->2687 2688 6c4a73d8 2686->2688 2687->2646 2694 6c4a7449 2688->2694 2695 6c4a73fb 2688->2695 2760 6c5403f0 2688->2760 2691 6c4a742c 2692 6c4a7591 2691->2692 2696 6c4a7488 2691->2696 2697 6c4a7437 2691->2697 2692->2646 2693 6c4a74cc 2693->2646 2694->2646 2695->2693 2706 6c53fc10 2695->2706 2699 6c58bfc0 10 API calls 2696->2699 2697->2694 2698 6c58bfc0 10 API calls 2697->2698 2701 6c4a7568 2698->2701 2700 6c4a74b0 2699->2700 2702 6c58c340 10 API calls 2700->2702 2703 6c58c340 10 API calls 2701->2703 2702->2693 2704 6c4a7584 2703->2704 2704->2646 2705->2685 2707 6c53fc37 2706->2707 2714 6c53fc3b 2707->2714 2763 6c5d4f80 GetLastError TlsGetValue SetLastError 2707->2763 2710 6c540020 2851 6c5d4f80 GetLastError TlsGetValue SetLastError 2710->2851 2711 6c5d4f80 GetLastError TlsGetValue SetLastError 2720 6c53fc5c 2711->2720 2713 6c54003c 2715 6c540044 2713->2715 2716 6c5400b0 2713->2716 2714->2691 2724 6c60d400 13 API calls 2715->2724 2722 6c58bfc0 10 API calls 2716->2722 2720->2710 2720->2711 2720->2714 2720->2716 2723 6c53fcb1 SwitchToFiber 2720->2723 2725 6c5c12f0 10 API calls 2720->2725 2729 6c53fda0 2720->2729 2732 6c54010c 2720->2732 2733 6c53fd3d memcpy 2720->2733 2734 6c53fec2 CreateFiber 2720->2734 2764 6c5bc050 2720->2764 2770 6c5bc100 2720->2770 2787 6c53f8f0 2720->2787 2819 6c5c14d0 2720->2819 2830 6c5c1180 2720->2830 2848 6c6d4530 ConvertThreadToFiber 2720->2848 2850 6c5d4fc0 TlsSetValue 2720->2850 2727 6c5400eb 2722->2727 2728 6c5bc050 4 API calls 2723->2728 2724->2714 2725->2720 2730 6c58c340 10 API calls 2727->2730 2728->2720 2736 6c58bfc0 10 API calls 2729->2736 2730->2714 2852 6c5d4f80 GetLastError TlsGetValue SetLastError 2732->2852 2733->2720 2734->2720 2737 6c53ffd0 2734->2737 2740 6c53fdc1 2736->2740 2744 6c53fff0 DeleteFiber 2737->2744 2738 6c5bc050 4 API calls 2738->2720 2741 6c58c340 10 API calls 2740->2741 2743 6c53fddd 2741->2743 2742 6c540118 2745 6c54015c 2742->2745 2746 6c54011e 2742->2746 2774 6c5d4f80 GetLastError TlsGetValue SetLastError 2743->2774 2744->2714 2751 6c58bfc0 10 API calls 2745->2751 2752 6c60d400 13 API calls 2746->2752 2748 6c53fdec 2749 6c53ff93 2748->2749 2750 6c53fdf6 2748->2750 2756 6c58bfc0 10 API calls 2749->2756 2775 6c60d400 2750->2775 2753 6c54017d 2751->2753 2752->2714 2754 6c58c340 10 API calls 2753->2754 2754->2714 2758 6c53ffb4 2756->2758 2757 6c53fe26 2757->2691 2759 6c58c340 10 API calls 2758->2759 2759->2737 2761 6c5c14d0 12 API calls 2760->2761 2762 6c54040f 2761->2762 2762->2695 2763->2720 2766 6c5bc06d 2764->2766 2765 6c5bc086 2768 6c5bc0ae 2765->2768 2854 6c5d4fc0 TlsSetValue 2765->2854 2766->2765 2853 6c5d4f80 GetLastError TlsGetValue SetLastError 2766->2853 2768->2720 2771 6c53fd72 SwitchToFiber 2770->2771 2772 6c5bc110 2770->2772 2771->2738 2772->2771 2855 6c5d4f80 GetLastError TlsGetValue SetLastError 2772->2855 2774->2748 2776 6c60d411 2775->2776 2777 6c60d43a 2775->2777 2778 6c60d41b 2776->2778 2781 6c60d484 2776->2781 2777->2757 2856 6c60c640 2778->2856 2780 6c60d429 2780->2777 2784 6c60d453 memmove 2780->2784 2782 6c58bfc0 10 API calls 2781->2782 2783 6c60d4a5 2782->2783 2785 6c58c340 10 API calls 2783->2785 2784->2777 2786 6c60d4c1 2785->2786 2786->2757 2788 6c53fa40 2787->2788 2790 6c53f905 2787->2790 2789 6c58bfc0 10 API calls 2788->2789 2791 6c53fa63 2789->2791 2792 6c5c1180 19 API calls 2790->2792 2810 6c53f925 2790->2810 2793 6c58c340 10 API calls 2791->2793 2794 6c53f94d 2792->2794 2795 6c53fa7f 2793->2795 2796 6c5c14d0 12 API calls 2794->2796 2794->2810 2795->2720 2797 6c53f96d 2796->2797 2797->2810 2874 6c60cb80 2797->2874 2799 6c53f983 2800 6c53fbb4 2799->2800 2803 6c53f98d 2799->2803 2802 6c58bfc0 10 API calls 2800->2802 2801 6c5c14d0 12 API calls 2801->2803 2805 6c53fbd5 2802->2805 2803->2801 2806 6c53f9a0 CreateFiber 2803->2806 2809 6c60d400 13 API calls 2803->2809 2813 6c53f99a 2803->2813 2808 6c58c340 10 API calls 2805->2808 2806->2803 2807 6c53fa90 2806->2807 2811 6c53faab DeleteFiber 2807->2811 2808->2810 2809->2803 2810->2720 2811->2813 2812 6c53fa23 2812->2810 2814 6c58bfc0 10 API calls 2812->2814 2887 6c5d4fc0 TlsSetValue 2813->2887 2815 6c53fb01 2814->2815 2816 6c58c340 10 API calls 2815->2816 2818 6c53fb1d 2816->2818 2817 6c53fb5b DeleteFiber 2817->2818 2818->2810 2818->2817 2820 6c5c14ef 2819->2820 2821 6c5c1542 2819->2821 2823 6c5c1520 2820->2823 2825 6c5c1506 2820->2825 2822 6c5c1559 malloc 2821->2822 2829 6c5c150c 2821->2829 2824 6c5c1524 memset 2822->2824 2822->2825 2823->2824 2823->2829 2824->2720 2826 6c58bfc0 10 API calls 2825->2826 2825->2829 2827 6c5c1586 2826->2827 2828 6c58c340 10 API calls 2827->2828 2828->2829 2829->2720 2888 6c5d4f80 GetLastError TlsGetValue SetLastError 2830->2888 2832 6c5c1192 2833 6c5c1198 2832->2833 2835 6c5c14d0 12 API calls 2832->2835 2834 6c5c12f0 10 API calls 2833->2834 2841 6c5c11b4 2834->2841 2836 6c5c11ff 2835->2836 2836->2841 2889 6c5d4fc0 TlsSetValue 2836->2889 2838 6c5c1257 2891 6c5d4fc0 TlsSetValue 2838->2891 2840 6c5c1215 2840->2838 2840->2841 2890 6c5d4e80 EnterCriticalSection 2840->2890 2841->2720 2843 6c5c1253 2843->2838 2844 6c60d400 13 API calls 2843->2844 2845 6c5c129e 2844->2845 2892 6c5d4ea0 LeaveCriticalSection 2845->2892 2847 6c5c12ab 2847->2833 2847->2838 2849 6c6d454e 2848->2849 2849->2720 2850->2720 2851->2713 2852->2742 2853->2765 2854->2768 2855->2771 2857 6c60c710 2856->2857 2858 6c60c65e 2856->2858 2863 6c58bfc0 10 API calls 2857->2863 2859 6c60c7c5 2858->2859 2860 6c60c67b 2858->2860 2861 6c5c14d0 12 API calls 2859->2861 2862 6c60c686 2860->2862 2864 6c60c6b1 2860->2864 2868 6c60c77c 2860->2868 2861->2864 2862->2864 2866 6c5c13c0 free 2862->2866 2865 6c60c731 2863->2865 2864->2780 2867 6c58c340 10 API calls 2865->2867 2866->2864 2869 6c60c74d 2867->2869 2870 6c58bfc0 10 API calls 2868->2870 2869->2780 2871 6c60c79d 2870->2871 2872 6c58c340 10 API calls 2871->2872 2873 6c60c7b9 2872->2873 2873->2780 2875 6c5c14d0 12 API calls 2874->2875 2876 6c60cba5 2875->2876 2877 6c60cbc3 2876->2877 2881 6c60cc20 2876->2881 2886 6c60cc03 2876->2886 2878 6c60cca0 2877->2878 2879 6c60cbdb 2877->2879 2880 6c5c14d0 12 API calls 2878->2880 2882 6c5c13c0 free 2879->2882 2879->2886 2880->2886 2883 6c58bfc0 10 API calls 2881->2883 2882->2886 2884 6c60cc41 2883->2884 2885 6c58c340 10 API calls 2884->2885 2885->2886 2886->2799 2887->2812 2888->2832 2889->2840 2890->2843 2891->2841 2892->2847 2894 6c4cd320 2893->2894 2895 6c4cd271 2893->2895 2896 6c4c8640 10 API calls 2894->2896 2897 6c4cd27c 2895->2897 2898 6c4cd305 2895->2898 2901 6c4cd2f4 2896->2901 2899 6c4cd2c0 2897->2899 2900 6c4cd281 2897->2900 2938 6c6122f0 EnterCriticalSection 2898->2938 2932 6c4c8640 2899->2932 2930 6c6122f0 EnterCriticalSection 2900->2930 2906 6c4cd2f8 2901->2906 2907 6c8ff741 GetModuleHandleA 2901->2907 2905 6c4cd28f 2931 6c612330 LeaveCriticalSection 2905->2931 2906->2674 2909 6c8ff7e9 2907->2909 2910 6c8ff7b9 GetProcAddress GetProcAddress 2907->2910 2909->2674 2910->2909 2911 6c4cd2b1 2911->2674 2913 6c4cd225 2912->2913 2914 6c4cd173 2912->2914 2917 6c4c8640 10 API calls 2913->2917 2915 6c4cd17e 2914->2915 2916 6c4cd200 2914->2916 2919 6c4cd1c0 2915->2919 2920 6c4cd183 2915->2920 2941 6c6122f0 EnterCriticalSection 2916->2941 2924 6c4cd1f4 2917->2924 2922 6c4c8640 10 API calls 2919->2922 2939 6c6122f0 EnterCriticalSection 2920->2939 2922->2924 2923 6c4cd1ac 2923->2670 2924->2923 2926 6c8ff741 GetModuleHandleA 2924->2926 2925 6c4cd191 2940 6c612330 LeaveCriticalSection 2925->2940 2928 6c8ff7e9 2926->2928 2929 6c8ff7b9 GetProcAddress GetProcAddress 2926->2929 2928->2670 2929->2928 2930->2905 2931->2911 2933 6c4c8648 2932->2933 2934 6c58bfc0 10 API calls 2933->2934 2935 6c4c8664 2934->2935 2936 6c58c0e0 10 API calls 2935->2936 2937 6c4c8688 2936->2937 2937->2901 2938->2905 2939->2925 2940->2923 2941->2925 2942 6c491c80 2944 6c491c8f 2942->2944 2943 6c491c9d 2944->2943 2945 6c7af7e0 4 API calls 2944->2945 2946 6c8fef0a 2945->2946 2947 6c7af7e0 4 API calls 2946->2947 2948 6c8fef1a 2947->2948 2949 6c7af7e0 4 API calls 2948->2949 2950 6c8fef2a 2949->2950 2951 6c7af7e0 4 API calls 2950->2951 2953 6c8fef3a 2951->2953 2952 6c7af7e0 4 API calls 2952->2953 2953->2952 2981 6c492aa0 2984 6c492b7e 2981->2984 2982 6c493260 2983 6c493287 memcpy 2982->2983 2985 6c493380 2983->2985 2984->2982 2984->2985 2986 6c493221 memcpy 2984->2986 2987 6c4933a1 memcpy 2985->2987 2986->2982 2988 6c4945a0 2989 6c4945cf 2988->2989 2994 6c49473c 2988->2994 2990 6c4945f3 memcpy 2989->2990 2993 6c494660 2989->2993 2991 6c8fdbf0 2990->2991 2992 6c494627 memcpy 2991->2992 2992->2993 2999 6c8fed7c 2994->2999 3001 6c4913e0 2994->3001 2996 6c4913e0 5 API calls 2997 6c8fed89 2996->2997 2998 6c8fed92 2997->2998 3000 6c4913e0 5 API calls 2997->3000 2999->2996 2999->2997 3000->2998 3004 6c854970 3001->3004 3005 6c4913f7 3004->3005 3006 6c854982 _lock 3004->3006 3005->2999 3007 6c854994 3006->3007 3008 6c8549f0 calloc 3006->3008 3010 6c8549c0 realloc 3007->3010 3011 6c85499e _unlock 3007->3011 3008->3007 3009 6c854a1a _unlock 3008->3009 3009->3005 3010->3009 3012 6c8549de 3010->3012 3011->3005 3012->3011 2399 6c5c12f0 2400 6c5c1332 2399->2400 2404 6c5c130e 2399->2404 2401 6c5c1329 2400->2401 2402 6c5c1349 malloc 2400->2402 2403 6c5c1355 2402->2403 2402->2404 2404->2401 2408 6c58bfc0 2404->2408 2410 6c58bfd8 2408->2410 2409 6c58c043 2418 6c58c340 2409->2418 2410->2409 2411 6c58c055 strlen 2410->2411 2413 6c58c00c 2410->2413 2421 6c5c12f0 2411->2421 2413->2409 2416 6c58c090 strlen 2413->2416 2414 6c58c078 2414->2413 2415 6c58c082 strcpy 2414->2415 2415->2413 2417 6c5c12f0 7 API calls 2416->2417 2417->2409 2430 6c58c0e0 2418->2430 2420 6c58c367 2420->2401 2422 6c5c1332 2421->2422 2426 6c5c130e 2421->2426 2423 6c5c1329 2422->2423 2424 6c5c1349 malloc 2422->2424 2423->2414 2425 6c5c1355 2424->2425 2424->2426 2425->2414 2426->2423 2427 6c58bfc0 9 API calls 2426->2427 2428 6c5c1379 2427->2428 2429 6c58c340 9 API calls 2428->2429 2429->2423 2431 6c58c0ec 2430->2431 2432 6c58c137 2431->2432 2433 6c5c13c0 free 2431->2433 2440 6c58c16c 2431->2440 2434 6c58c271 2432->2434 2435 6c58c13f 2432->2435 2433->2432 2445 6c548a30 2434->2445 2441 6c5c13c0 2435->2441 2439 6c5c13c0 free 2439->2440 2440->2420 2442 6c5c13e1 2441->2442 2443 6c5c1440 free 2442->2443 2444 6c5c13f8 2442->2444 2443->2444 2444->2440 2448 6c547c60 2445->2448 2452 6c547cad 2448->2452 2449 6c547cbc 2456 6c546700 2449->2456 2451 6c547cde 2451->2439 2452->2449 2452->2451 2453 6c546700 10 API calls 2452->2453 2465 6c547610 2452->2465 2484 6c546850 2452->2484 2453->2452 2457 6c546713 2456->2457 2458 6c5467d1 2457->2458 2459 6c54679e 2457->2459 2463 6c546723 2457->2463 2461 6c5c12f0 9 API calls 2458->2461 2460 6c5c13c0 free 2459->2460 2460->2463 2462 6c5467e9 2461->2462 2462->2463 2464 6c54680b memcpy 2462->2464 2463->2451 2464->2463 2467 6c54765b 2465->2467 2472 6c5477d1 2465->2472 2466 6c5c12f0 7 API calls 2466->2472 2468 6c547767 strlen 2467->2468 2468->2472 2469 6c547a31 memcpy 2469->2472 2470 6c54786d 2470->2452 2471 6c546700 7 API calls 2471->2472 2472->2466 2472->2469 2472->2470 2472->2471 2473 6c54788e 2472->2473 2478 6c5c13c0 free 2472->2478 2479 6c547a73 2472->2479 2473->2470 2475 6c546700 7 API calls 2473->2475 2476 6c5478d1 2473->2476 2474 6c546700 7 API calls 2474->2476 2475->2473 2476->2470 2476->2474 2477 6c547bf5 2476->2477 2477->2470 2481 6c546700 7 API calls 2477->2481 2478->2472 2479->2470 2480 6c5c13c0 free 2479->2480 2482 6c5c12f0 7 API calls 2479->2482 2483 6c547b9e memcpy 2479->2483 2480->2479 2481->2477 2482->2479 2483->2479 2508 6c546892 2484->2508 2485 6c546ddf 2486 6c546700 9 API calls 2485->2486 2487 6c546e06 2486->2487 2487->2452 2488 6c5472e0 2489 6c546700 9 API calls 2488->2489 2494 6c547389 2488->2494 2497 6c547337 2489->2497 2490 6c547474 2491 6c546700 9 API calls 2490->2491 2500 6c5474ab 2490->2500 2493 6c547552 2491->2493 2492 6c546700 9 API calls 2492->2494 2495 6c546d2f 2493->2495 2498 6c5475d7 2493->2498 2499 6c547562 2493->2499 2494->2490 2494->2492 2494->2495 2495->2452 2496 6c546700 9 API calls 2496->2500 2497->2494 2497->2495 2501 6c546700 9 API calls 2497->2501 2502 6c546700 9 API calls 2498->2502 2503 6c546700 9 API calls 2499->2503 2500->2495 2500->2496 2501->2497 2504 6c547583 2502->2504 2503->2504 2504->2495 2504->2500 2505 6c546700 9 API calls 2504->2505 2505->2504 2506 6c546ce0 2507 6c546700 9 API calls 2506->2507 2513 6c546cf0 2506->2513 2507->2513 2508->2485 2508->2488 2508->2490 2508->2495 2512 6c546ca1 2508->2512 2509 6c546fab 2509->2506 2511 6c546fb3 2509->2511 2510 6c546700 9 API calls 2510->2513 2514 6c546700 9 API calls 2511->2514 2516 6c546fbf 2511->2516 2512->2506 2512->2509 2512->2511 2517 6c546ffe 2512->2517 2513->2488 2513->2495 2513->2510 2514->2516 2515 6c546700 9 API calls 2515->2516 2516->2495 2516->2513 2516->2515 2517->2495 2517->2506 2518 6c5c13c0 free 2517->2518 2519 6c5c12f0 9 API calls 2517->2519 2520 6c54712e memcpy 2517->2520 2518->2517 2519->2517 2520->2517 2525 6c8da400 2526 6c8da413 2525->2526 2537 6c8da4d0 2525->2537 2527 6c8da427 2526->2527 2528 6c8da500 2526->2528 2531 6c8da452 2527->2531 2533 6c8da540 2527->2533 2529 6c8da50d 2528->2529 2530 6c8da520 memset 2528->2530 2530->2529 2535 6c8da4ab memmove 2531->2535 2536 6c8da480 memset 2531->2536 2532 6c8da598 memset 2534 6c8da572 2532->2534 2533->2532 2533->2534 2534->2535 2534->2537 2535->2537 2536->2535 2538 6c5eb650 2541 6c5e9fc0 2538->2541 2540 6c5eb687 2543 6c5ea010 2541->2543 2542 6c5ea03d 2542->2540 2543->2542 2544 6c58bfc0 10 API calls 2543->2544 2545 6c5ea091 2544->2545 2546 6c58c340 10 API calls 2545->2546 2546->2542 2954 6c5e2210 2955 6c5e221b 2954->2955 2956 6c5e2239 2954->2956 2955->2956 2958 6c5e1d20 2955->2958 2959 6c5e1d54 2958->2959 2960 6c5e1dc0 2959->2960 2978 6c5d4e60 EnterCriticalSection 2959->2978 2962 6c58bfc0 10 API calls 2960->2962 2964 6c5e1de1 2962->2964 2963 6c5e1d82 2963->2960 2965 6c5e1d86 2963->2965 2966 6c58c340 10 API calls 2964->2966 2967 6c5e1d8f 2965->2967 2968 6c5e1e04 2965->2968 2969 6c5e1dfd 2966->2969 2979 6c5d4ea0 LeaveCriticalSection 2967->2979 2980 6c5d4ea0 LeaveCriticalSection 2968->2980 2969->2956 2971 6c5e1dae 2973 6c58bfc0 10 API calls 2971->2973 2974 6c5e1db2 2971->2974 2975 6c5e1e32 2973->2975 2974->2956 2976 6c58c340 10 API calls 2975->2976 2977 6c5e1e4e 2976->2977 2977->2956 2978->2963 2979->2971 2980->2971 2584 6c493670 2586 6c49367f 2584->2586 2585 6c493690 2586->2585 2587 6c495ba6 2586->2587 2589 6c495bc7 2586->2589 2594 6c7af7e0 2587->2594 2591 6c7af7e0 4 API calls 2589->2591 2593 6c8fef3a 2591->2593 2592 6c7af7e0 4 API calls 2592->2593 2593->2592 2595 6c7af810 2594->2595 2598 6c7af7f2 2594->2598 2602 6c7af440 malloc 2595->2602 2597 6c495bbb 2598->2597 2599 6c7af7fd 2598->2599 2601 6c7af853 GetCurrentThreadId 2598->2601 2599->2597 2600 6c7af828 SetEvent 2599->2600 2600->2597 2601->2597 2601->2599 2603 6c7af49d 2602->2603 2604 6c7af45b 2602->2604 2603->2598 2604->2603 2605 6c7af493 free 2604->2605 2605->2603 3013 6c493d30 3014 6c493d68 3013->3014 3016 6c493dcc memcpy 3014->3016 3017 6c493dfd 3014->3017 3015 6c493f1a memcpy 3015->3017 3016->3017 3017->3015 3018 6c493f6c memcpy 3017->3018 3018->3017 3019 6c491bb0 3021 6c491bbf 3019->3021 3020 6c491bd0 3021->3020 3022 6c7af7e0 4 API calls 3021->3022 3023 6c8fee58 3022->3023 3024 6c491cb0 3025 6c491cbf 3024->3025 3027 6c491ce1 3025->3027 3028 6c4959f0 3025->3028 3029 6c495a65 3028->3029 3030 6c495a0e 3028->3030 3029->3027 3032 6c495a23 3030->3032 3033 6c495aaf 3030->3033 3031 6c495a50 3034 6c7af7e0 4 API calls 3031->3034 3032->3031 3045 6c4abfe0 3032->3045 3036 6c7af7e0 4 API calls 3033->3036 3034->3029 3038 6c8fef1a 3036->3038 3037 6c495a4a 3037->3031 3040 6c4af8b0 18 API calls 3037->3040 3039 6c7af7e0 4 API calls 3038->3039 3041 6c8fef2a 3039->3041 3040->3031 3042 6c7af7e0 4 API calls 3041->3042 3044 6c8fef3a 3042->3044 3043 6c7af7e0 4 API calls 3043->3044 3044->3043 3046 6c4ac125 3045->3046 3047 6c4abff5 3045->3047 3049 6c58bfc0 10 API calls 3046->3049 3048 6c4ac046 3047->3048 3050 6c4ac00f 3047->3050 3051 6c4ac16c 3047->3051 3048->3037 3052 6c4ac146 3049->3052 3053 6c4ac083 3050->3053 3055 6c4ac0e0 3050->3055 3060 6c4ac02d 3050->3060 3056 6c58bfc0 10 API calls 3051->3056 3054 6c58c340 10 API calls 3052->3054 3053->3037 3054->3048 3059 6c58bfc0 10 API calls 3055->3059 3057 6c4ac18d 3056->3057 3058 6c58c340 10 API calls 3057->3058 3058->3048 3061 6c4ac101 3059->3061 3060->3048 3063 6c5402e0 3 API calls 3060->3063 3062 6c58c340 10 API calls 3061->3062 3064 6c4ac11d 3062->3064 3065 6c4ac095 3063->3065 3064->3037 3065->3048 3066 6c4a73d0 28 API calls 3065->3066 3066->3048 3067 6c4924b0 3069 6c492500 3067->3069 3068 6c4926fb memcpy 3068->3069 3069->3068 2553 6c5f5740 2554 6c5f5759 2553->2554 2562 6c5f57b6 2554->2562 2565 6c5d4e60 EnterCriticalSection 2554->2565 2556 6c5f5773 2556->2562 2566 6c5d4ea0 LeaveCriticalSection 2556->2566 2558 6c5f578a 2558->2562 2567 6c5d4e80 EnterCriticalSection 2558->2567 2560 6c5f579b 2560->2562 2564 6c5f57a9 2560->2564 2569 6c5851d0 2560->2569 2568 6c5d4ea0 LeaveCriticalSection 2564->2568 2565->2556 2566->2558 2567->2560 2568->2562 2570 6c5851e2 2569->2570 2578 6c5851f5 2569->2578 2579 6c5d4e80 EnterCriticalSection 2570->2579 2572 6c5851ef 2572->2578 2580 6c5d4ea0 LeaveCriticalSection 2572->2580 2574 6c58521f 2575 6c58bfc0 10 API calls 2574->2575 2574->2578 2576 6c585244 2575->2576 2577 6c58c340 10 API calls 2576->2577 2577->2578 2578->2564 2579->2572 2580->2574

                                                                                                  Callgraph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  • Opacity -> Relevance
                                                                                                  • Disassembly available
                                                                                                  callgraph 0 Function_6C546850 40 Function_6C546700 0->40 68 Function_6C5C13C0 0->68 80 Function_6C5C12F0 0->80 1 Function_6C740C70 2 Function_6C5BC050 44 Function_6C5D4F00 2->44 70 Function_6C5D4FC0 2->70 97 Function_6C5D4F80 2->97 3 Function_6C4C8640 64 Function_6C58BFC0 3->64 83 Function_6C58C0E0 3->83 4 Function_6C8D7080 5 Function_6C5EB650 72 Function_6C5E9FC0 5->72 6 Function_6C58C340 6->83 7 Function_6C491A50 8 Function_6C491D50 9 Function_6C492750 10 Function_6C5A5340 11 Function_6C5F5740 11->1 25 Function_6C740C40 11->25 29 Function_6C5D4E60 11->29 11->44 54 Function_6C5851D0 11->54 98 Function_6C5D4E80 11->98 120 Function_6C5D4EA0 11->120 12 Function_6C60C640 12->6 59 Function_6C5C14D0 12->59 12->64 12->68 13 Function_6C589B70 119 Function_6C5C13A0 13->119 14 Function_6C58C370 15 Function_6C493760 22 Function_6C8DB6A0 15->22 69 Function_6C8DA710 15->69 16 Function_6C491B60 17 Function_6C491A60 18 Function_6C5A3670 81 Function_6C60D6D0 18->81 19 Function_6C5C0070 19->44 20 Function_6C4CD160 20->3 31 Function_6C514010 20->31 38 Function_6C612330 20->38 62 Function_6C6122F0 20->62 21 Function_6C4CD260 21->3 21->38 21->62 23 Function_6C60D650 24 Function_6C60D750 24->119 26 Function_6C547C60 26->0 33 Function_6C547610 26->33 26->40 94 Function_6C5BE480 26->94 27 Function_6C493670 30 Function_6C4F0370 27->30 66 Function_6C7AF7E0 27->66 27->69 106 Function_6C8D2860 27->106 28 Function_6C7AF440 32 Function_6C53FC10 32->2 32->6 32->23 43 Function_6C5BC100 32->43 45 Function_6C6D4530 32->45 46 Function_6C60D400 32->46 32->59 32->64 32->70 74 Function_6C53F8F0 32->74 32->80 96 Function_6C5C1180 32->96 32->97 32->119 33->40 33->68 33->80 100 Function_6C845F60 33->100 34 Function_6C494000 35 Function_6C491D00 56 Function_6C495AC0 35->56 36 Function_6C7AF930 37 Function_6C5E2210 52 Function_6C5E1D20 37->52 39 Function_6C8457D0 40->68 40->80 41 Function_6C493A10 41->22 41->69 42 Function_6C4AB810 49 Function_6C62F510 42->49 43->44 43->97 46->6 46->12 46->64 47 Function_6C548A30 47->26 48 Function_6C845AE0 50 Function_6C491C30 51 Function_6C493D30 52->6 52->29 52->44 52->64 95 Function_6C5BAF80 52->95 52->120 53 Function_6C845800 54->6 54->64 54->98 54->120 55 Function_6C491AC0 118 Function_6C5BE5A0 55->118 56->66 56->69 86 Function_6C4AC8F0 56->86 56->106 117 Function_6C4AF8B0 56->117 57 Function_6C4922C0 58 Function_6C4938C0 58->22 58->69 59->6 59->64 60 Function_6C5D50D0 61 Function_6C8DA400 63 Function_6C5406C0 64->80 64->119 65 Function_6C4942D0 66->28 67 Function_6C4A73D0 67->6 67->32 67->63 67->64 75 Function_6C5403F0 67->75 71 Function_6C5D40C0 72->6 72->64 72->119 121 Function_6C5E9EA0 72->121 73 Function_6C60D7C0 74->6 74->23 74->24 74->46 74->59 74->64 74->70 74->96 99 Function_6C60CB80 74->99 74->119 75->59 76 Function_6C491BE0 77 Function_6C4913E0 111 Function_6C854970 77->111 78 Function_6C493AE0 79 Function_6C4ABFE0 79->6 79->64 79->67 82 Function_6C5402E0 79->82 108 Function_6C4F14A0 79->108 80->6 80->64 81->119 82->97 83->47 83->68 83->119 84 Function_6C491AF0 85 Function_6C4959F0 85->66 85->69 85->79 85->106 85->117 86->6 86->64 86->67 86->82 86->108 87 Function_6C8F7B30 88 Function_6C859640 88->100 89 Function_6C491B80 90 Function_6C491C80 90->66 90->69 90->106 91 Function_6C5EA890 92 Function_6C584F80 93 Function_6C491D90 96->44 96->46 96->59 96->70 96->80 96->97 96->98 96->119 96->120 99->6 99->59 99->64 99->68 99->119 101 Function_6C5458B0 102 Function_6C58C3B0 102->119 103 Function_6C492AA0 104 Function_6C4936A0 105 Function_6C4945A0 105->69 105->77 116 Function_6C4973B0 105->116 107 Function_6C5EAAB0 109 Function_6C845570 110 Function_6C5429A0 112 Function_6C4913B0 113 Function_6C491BB0 113->66 114 Function_6C491CB0 114->85 115 Function_6C4924B0 117->13 117->20 117->21 117->101 117->110 118->19

                                                                                                  Executed Functions

                                                                                                  Function 6C5C12F0 Relevance: 1.3, APIs: 1, Instructions: 53COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000010.00000002.1454467778.000000006C491000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C490000, based on PE: true
                                                                                                  • Associated: 00000010.00000002.1454442643.000000006C490000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462067691.000000006C909000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C9DE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463002538.000000006CAC5000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463028282.000000006CAC6000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463052157.000000006CAC7000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463077869.000000006CACB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_16_2_6c490000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: malloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 2803490479-0
                                                                                                  • Opcode ID: 0f0a1001b89b84f6491e9884e2c5101c8f70ebde63eb11617a69f295c26737c1
                                                                                                  • Instruction ID: ad341e9fae59964566557a0cc0e801683704e9e754dde49d6a5d841cffbde80c
                                                                                                  • Opcode Fuzzy Hash: 0f0a1001b89b84f6491e9884e2c5101c8f70ebde63eb11617a69f295c26737c1
                                                                                                  • Instruction Fuzzy Hash: 14112A713093129BE700BF99EC8021BBBE4AF84B5CF64492EE5A48BA41D774D4458B93

                                                                                                  Non-executed Functions

                                                                                                  Function 6C494000 Relevance: 3.9, APIs: 3, Instructions: 121COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 793 6c494000-6c49403e 795 6c4941c8-6c4941e7 call 6c8de500 793->795 796 6c494044-6c494047 793->796 806 6c4941ea-6c494200 memcpy 795->806 798 6c49404d-6c494076 796->798 799 6c494190-6c494192 796->799 803 6c49429d-6c4942a4 call 6c900bd0 798->803 804 6c49407c 798->804 800 6c4942a9-6c4942ab 799->800 801 6c494198 799->801 800->806 807 6c4941b0-6c4941b9 801->807 803->800 804->807 808 6c494082-6c494096 call 6c8fdbf0 804->808 810 6c494210-6c494214 806->810 807->795 814 6c49409c-6c4940c7 memcpy 808->814 815 6c494290-6c494296 808->815 812 6c4940de-6c4940f5 call 6c49aa10 810->812 813 6c494220-6c49425e call 6c8de500 memcpy 810->813 812->799 813->815 814->813 817 6c4940cd-6c4940d0 814->817 815->803 817->810 817->812
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000010.00000002.1454467778.000000006C491000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C490000, based on PE: true
                                                                                                  • Associated: 00000010.00000002.1454442643.000000006C490000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462067691.000000006C909000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C9DE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463002538.000000006CAC5000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463028282.000000006CAC6000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463052157.000000006CAC7000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463077869.000000006CACB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_16_2_6c490000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memcpy
                                                                                                  • String ID:
                                                                                                  • API String ID: 3510742995-0
                                                                                                  • Opcode ID: 4066271c455c3859fbf91f41c0605b002b416e63681231d83282026bba7db169
                                                                                                  • Instruction ID: a4c443233ac5225f8ab4447ff39a9f582abd8f683aacbd0e477e992d34de1998
                                                                                                  • Opcode Fuzzy Hash: 4066271c455c3859fbf91f41c0605b002b416e63681231d83282026bba7db169
                                                                                                  • Instruction Fuzzy Hash: 6251D0B4D143689FCB00CFA9D580A8EBFF4BF89344F11892EE854AB754D7719849CB92
                                                                                                  Function 6C493D30 Relevance: 3.9, APIs: 3, Instructions: 121COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 766 6c493d30-6c493d6e 768 6c493ef8-6c493f17 call 6c8de500 766->768 769 6c493d74-6c493d77 766->769 778 6c493f1a-6c493f30 memcpy 768->778 770 6c493d7d-6c493da6 769->770 771 6c493ec0-6c493ec2 769->771 774 6c493fcd-6c493fd4 call 6c900bd0 770->774 775 6c493dac 770->775 776 6c493fd9-6c493fdb 771->776 777 6c493ec8 771->777 774->776 779 6c493ee0-6c493ee9 775->779 780 6c493db2-6c493dc6 call 6c8fdbf0 775->780 776->778 777->779 783 6c493f40-6c493f44 778->783 779->768 787 6c493dcc-6c493df7 memcpy 780->787 788 6c493fc0-6c493fc6 780->788 785 6c493e0e-6c493e25 call 6c49a510 783->785 786 6c493f50-6c493f8e call 6c8de500 memcpy 783->786 785->771 786->788 787->786 790 6c493dfd-6c493e00 787->790 788->774 790->783 790->785
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000010.00000002.1454467778.000000006C491000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C490000, based on PE: true
                                                                                                  • Associated: 00000010.00000002.1454442643.000000006C490000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462067691.000000006C909000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C9DE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463002538.000000006CAC5000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463028282.000000006CAC6000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463052157.000000006CAC7000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463077869.000000006CACB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_16_2_6c490000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memcpy
                                                                                                  • String ID:
                                                                                                  • API String ID: 3510742995-0
                                                                                                  • Opcode ID: b272989b79a9ad8d50c956e4d5c20406359c8ed87759fe18290b7eeeab629cc6
                                                                                                  • Instruction ID: f7da828254a4ba63692394e4f16da5c45feb498ff0346ab180a43725d5243d4f
                                                                                                  • Opcode Fuzzy Hash: b272989b79a9ad8d50c956e4d5c20406359c8ed87759fe18290b7eeeab629cc6
                                                                                                  • Instruction Fuzzy Hash: 7151D4B49043689FCB10DFA9C590B9EBFB5BF8A304F10852EE848AB754D7719849CB91
                                                                                                  Function 6C4942D0 Relevance: 3.9, APIs: 3, Instructions: 121COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000010.00000002.1454467778.000000006C491000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C490000, based on PE: true
                                                                                                  • Associated: 00000010.00000002.1454442643.000000006C490000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462067691.000000006C909000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C9DE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463002538.000000006CAC5000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463028282.000000006CAC6000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463052157.000000006CAC7000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463077869.000000006CACB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_16_2_6c490000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memcpy
                                                                                                  • String ID:
                                                                                                  • API String ID: 3510742995-0
                                                                                                  • Opcode ID: 49bb9f98bb1162feb0809c1f02f684cd51700783f51fdae6a5c4d6c9985073c9
                                                                                                  • Instruction ID: 38e5ee6588b0eadb494e0e9ad56c704e068e301ac763e06d1d4dd290d4194c94
                                                                                                  • Opcode Fuzzy Hash: 49bb9f98bb1162feb0809c1f02f684cd51700783f51fdae6a5c4d6c9985073c9
                                                                                                  • Instruction Fuzzy Hash: 8651D0B4D143689FCB10CFA9C480A8EBFF4BF89348F11892EE854AB754D7749849CB91
                                                                                                  Function 6C4945A0 Relevance: 2.7, APIs: 2, Instructions: 160COMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000010.00000002.1454467778.000000006C491000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C490000, based on PE: true
                                                                                                  • Associated: 00000010.00000002.1454442643.000000006C490000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462067691.000000006C909000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C9DE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463002538.000000006CAC5000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463028282.000000006CAC6000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463052157.000000006CAC7000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463077869.000000006CACB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_16_2_6c490000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memcpy
                                                                                                  • String ID:
                                                                                                  • API String ID: 3510742995-0
                                                                                                  • Opcode ID: b566a79082a20864ec48ce18a07ba42fe52525f7f581f36459f0e18856d36575
                                                                                                  • Instruction ID: 3a3e41ba0ea7f0963886311a200f30890889952943a76c172f0ab287294f2c47
                                                                                                  • Opcode Fuzzy Hash: b566a79082a20864ec48ce18a07ba42fe52525f7f581f36459f0e18856d36575
                                                                                                  • Instruction Fuzzy Hash: AA6117B260D7408ED710DF28C18175ABFE0BF9A388F104E6EE4D457B51D7B49289CB92
                                                                                                  Function 6C493AE0 Relevance: 1.3, APIs: 1, Instructions: 72COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000010.00000002.1454467778.000000006C491000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C490000, based on PE: true
                                                                                                  • Associated: 00000010.00000002.1454442643.000000006C490000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462067691.000000006C909000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C9DE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463002538.000000006CAC5000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463028282.000000006CAC6000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463052157.000000006CAC7000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463077869.000000006CACB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_16_2_6c490000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f7d5a864b7d2adc5cb81aa365af7aa1c0648be807f1fe12531de5544211a6998
                                                                                                  • Instruction ID: 29e84b07db31600aaf3837548053841cdde40dfc43e5c9251badf71e482e1977
                                                                                                  • Opcode Fuzzy Hash: f7d5a864b7d2adc5cb81aa365af7aa1c0648be807f1fe12531de5544211a6998
                                                                                                  • Instruction Fuzzy Hash: 5931CCB450C3909BC350DF29C080B4BBFE5ABCA758F548A1DE9989B720D7B099498B82
                                                                                                  Function 6C493760 Relevance: .1, Instructions: 92COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000010.00000002.1454467778.000000006C491000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C490000, based on PE: true
                                                                                                  • Associated: 00000010.00000002.1454442643.000000006C490000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462067691.000000006C909000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C9DE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463002538.000000006CAC5000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463028282.000000006CAC6000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463052157.000000006CAC7000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463077869.000000006CACB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_16_2_6c490000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 95fe0dd965a7cc6ffef2f6bd46487a315f8b9788bd62589b0b2a2bbbd404ea5b
                                                                                                  • Instruction ID: 99d44d42527fde1235a04556ab20ae92a41563d7769275c316d7b2d02d1b0edf
                                                                                                  • Opcode Fuzzy Hash: 95fe0dd965a7cc6ffef2f6bd46487a315f8b9788bd62589b0b2a2bbbd404ea5b
                                                                                                  • Instruction Fuzzy Hash: 9C31E2B06087059FD710EF28C69466FBBE1AFC5348F018C2DA9D58BB54DB74D8498BD2
                                                                                                  Function 6C4938C0 Relevance: .1, Instructions: 76COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000010.00000002.1454467778.000000006C491000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C490000, based on PE: true
                                                                                                  • Associated: 00000010.00000002.1454442643.000000006C490000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462067691.000000006C909000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C9DE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463002538.000000006CAC5000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463028282.000000006CAC6000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463052157.000000006CAC7000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463077869.000000006CACB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_16_2_6c490000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cb9fb1b47724c6cd2d82529f345b3c1fded3da90be09d669b39ece6a82c7a952
                                                                                                  • Instruction ID: f4dedcb13ec7ac2721a71e5b04378f8fb63ef39ef325990b1edc51613cc18142
                                                                                                  • Opcode Fuzzy Hash: cb9fb1b47724c6cd2d82529f345b3c1fded3da90be09d669b39ece6a82c7a952
                                                                                                  • Instruction Fuzzy Hash: B431AEB06087058BD710EF29869476FBBE1AF85348F128C2DE9948BB54DB74D8498BD2
                                                                                                  Function 6C547610 Relevance: 12.4, APIs: 3, Strings: 5, Instructions: 406stringCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 34 6c547610-6c547655 35 6c5479e0-6c5479e8 34->35 36 6c54765b-6c54765d 34->36 39 6c5479f5-6c547a15 call 6c5c12f0 35->39 37 6c5476a0-6c5476b5 36->37 38 6c54765f-6c547667 36->38 42 6c5476b7-6c5476c7 37->42 40 6c547be0-6c547bf0 38->40 41 6c54766d-6c547683 38->41 51 6c547870 39->51 52 6c547a1b-6c547a24 39->52 40->42 41->42 44 6c547685-6c547695 41->44 45 6c5476c9-6c5476d4 42->45 46 6c5476ea-6c547710 42->46 44->42 45->46 47 6c5476d6-6c5476e6 45->47 48 6c547714-6c547765 call 6c845f60 46->48 47->46 57 6c547767-6c5477cb strlen 48->57 54 6c547872-6c547879 51->54 55 6c547a46-6c547a56 52->55 56 6c547a26-6c547a2b 52->56 59 6c547845-6c54784d 55->59 60 6c547a5c 55->60 56->51 58 6c547a31-6c547a41 memcpy 56->58 63 6c547990-6c547996 57->63 64 6c5477d1-6c5477e8 57->64 58->55 61 6c547890 59->61 62 6c54784f-6c547854 59->62 65 6c547a60-6c547a6e 60->65 72 6c547894-6c54789a 61->72 68 6c547856-6c54785c 62->68 69 6c547810-6c54781d 62->69 66 6c547a73-6c547a75 63->66 67 6c54799c-6c5479a8 63->67 70 6c5479ae-6c5479d1 call 6c546700 64->70 71 6c5477ee-6c5477f7 64->71 65->59 73 6c547c51 66->73 74 6c547a7b-6c547a8a 66->74 67->70 67->71 68->51 75 6c54785e-6c54786b 68->75 69->51 78 6c54781f-6c547824 69->78 70->71 88 6c5479d7 70->88 71->72 77 6c5477fd-6c547807 71->77 79 6c5478d5-6c5478e4 72->79 80 6c54789c-6c5478af 72->80 81 6c547acc-6c547ad1 74->81 83 6c547826-6c547828 75->83 84 6c54786d 75->84 77->62 78->83 86 6c547880-6c547882 78->86 82 6c5478fd-6c547918 call 6c546700 79->82 87 6c5478b0-6c5478ca call 6c546700 80->87 92 6c547a90-6c547a96 81->92 93 6c547ad3-6c547ad9 81->93 106 6c5478f0-6c5478f5 82->106 107 6c54791a 82->107 94 6c547920-6c547926 83->94 95 6c54782e-6c547830 83->95 84->51 90 6c547884-6c54788c 86->90 91 6c54783d-6c547842 86->91 87->51 110 6c5478cc-6c5478cf 87->110 88->51 90->62 99 6c54788e 90->99 91->59 92->51 97 6c547a9c-6c547aa1 92->97 93->51 101 6c547adf-6c547ae5 93->101 94->51 100 6c54792c-6c547947 94->100 95->59 102 6c547832-6c547837 95->102 104 6c547aa7-6c547aa9 97->104 105 6c547b50-6c547b52 97->105 99->61 100->39 108 6c54794d-6c54796b call 6c5c13c0 100->108 101->51 109 6c547aeb-6c547aed 101->109 102->65 102->91 116 6c547aef-6c547af5 104->116 117 6c547aab-6c547aad 104->117 114 6c547b58 105->114 115 6c547aba-6c547abf 105->115 112 6c547bf5-6c547bfb 106->112 113 6c5478fb 106->113 107->51 108->51 128 6c547971-6c547985 108->128 109->116 109->117 110->87 111 6c5478d1 110->111 111->79 123 6c547c36-6c547c3b 112->123 124 6c547bfd-6c547c0c 112->124 113->82 119 6c547ac3-6c547ac6 114->119 115->119 116->51 122 6c547afb-6c547b12 116->122 117->119 120 6c547aaf-6c547ab4 117->120 119->81 127 6c547c40-6c547c44 119->127 120->115 126 6c547bc4-6c547bd3 120->126 129 6c547b14-6c547b32 call 6c5c13c0 122->129 130 6c547b60-6c547b80 call 6c5c12f0 122->130 123->54 125 6c547c15-6c547c2f call 6c546700 124->125 138 6c547c10-6c547c13 125->138 139 6c547c31 125->139 126->119 127->73 128->63 129->51 137 6c547b38-6c547b49 129->137 130->51 140 6c547b86-6c547b91 130->140 137->117 138->123 138->125 139->51 141 6c547bb5-6c547bbe 140->141 142 6c547b93-6c547b98 140->142 141->119 141->126 142->51 143 6c547b9e-6c547bae memcpy 142->143 143->141
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000010.00000002.1454467778.000000006C491000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C490000, based on PE: true
                                                                                                  • Associated: 00000010.00000002.1454442643.000000006C490000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462067691.000000006C909000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C9DE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463002538.000000006CAC5000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463028282.000000006CAC6000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463052157.000000006CAC7000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463077869.000000006CACB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_16_2_6c490000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen
                                                                                                  • String ID: $ $+$0123456789ABCDEF$0123456789abcdef
                                                                                                  • API String ID: 39653677-2690344263
                                                                                                  • Opcode ID: 1aeff95caf24cdfae5cadd27617e7e9463ba673a6dfeb35c7a121fbca9030fc1
                                                                                                  • Instruction ID: 765ff9f5a4d07905032b481a71d8b9d816f4e6f82d94363dd3161ed8e298ae98
                                                                                                  • Opcode Fuzzy Hash: 1aeff95caf24cdfae5cadd27617e7e9463ba673a6dfeb35c7a121fbca9030fc1
                                                                                                  • Instruction Fuzzy Hash: 180235706093418FD710CF29C880B1BBBE1BF89788F64896DE8D89BB55E775D944CB82
                                                                                                  Function 6C53FC10 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 303COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 144 6c53fc10-6c53fc39 call 6c5c0580 147 6c53fc50-6c53fc60 call 6c5d4f80 144->147 148 6c53fc3b 144->148 152 6c53ff00-6c53ff1e call 6c5c1180 147->152 153 6c53fc66-6c53fc6b 147->153 149 6c53fc3d-6c53fc46 148->149 152->148 163 6c53ff24-6c53ff44 call 6c5c12f0 152->163 155 6c53fcd0-6c53fcd5 153->155 156 6c53fc6d-6c53fc72 153->156 157 6c53fcd7-6c53fce7 call 6c5d4f80 155->157 158 6c53fc74-6c53fc7a 155->158 156->157 156->158 172 6c53fe50-6c53fe66 call 6c53f8f0 157->172 173 6c53fced-6c53fcfb call 6c60d650 157->173 160 6c53fc80-6c53fc83 158->160 161 6c540020-6c54003e call 6c5d4f80 158->161 164 6c540090-6c5400a6 160->164 165 6c53fc89-6c53fc8c 160->165 178 6c540044-6c540077 call 6c5c13a0 call 6c60d400 161->178 179 6c5400ca-6c540107 call 6c58beb0 call 6c58bfc0 call 6c58c340 161->179 175 6c53ff46-6c53ff6e call 6c6d4530 call 6c5d4fc0 163->175 176 6c53ff74-6c53ff8e call 6c5c13a0 163->176 164->149 169 6c53fc92-6c53fc97 165->169 170 6c5400b0-6c5400bd call 6c58beb0 165->170 169->148 177 6c53fc99-6c53fcab call 6c5bc050 169->177 170->179 198 6c53fe68-6c53fe74 call 6c5d4f80 172->198 199 6c53fe8c-6c53fe98 172->199 191 6c53fd01-6c53fd0a 173->191 192 6c53fe80-6c53fe85 173->192 175->153 175->176 176->149 206 6c53fcb1-6c53fccd SwitchToFiber call 6c5bc050 177->206 207 6c53fda0-6c53fdf0 call 6c58beb0 call 6c58bfc0 call 6c58c340 call 6c5d4f80 177->207 217 6c54007c-6c54008a 178->217 179->217 200 6c53fe40-6c53fe47 191->200 201 6c53fd10-6c53fd37 call 6c5c12f0 191->201 202 6c53fea0-6c53feb0 192->202 203 6c53fe87-6c53fe8a 192->203 198->192 199->149 215 6c53fd58-6c53fd93 call 6c5bc100 SwitchToFiber call 6c5bc050 200->215 225 6c54010c-6c54011c call 6c5d4f80 201->225 226 6c53fd3d-6c53fd55 memcpy 201->226 212 6c53feb7 call 6c5c14d0 202->212 203->199 203->202 206->155 252 6c53ff93-6c53ffd0 call 6c58beb0 call 6c58bfc0 call 6c58c340 207->252 253 6c53fdf6-6c53fe3f call 6c5c13a0 call 6c60d400 207->253 220 6c53febc-6c53fec0 212->220 215->155 217->149 220->199 227 6c53fec2-6c53feed CreateFiber 220->227 242 6c54015c-6c540199 call 6c58beb0 call 6c58bfc0 call 6c58c340 225->242 243 6c54011e-6c540149 call 6c5c13a0 call 6c60d400 225->243 226->215 231 6c53fef3 227->231 232 6c53ffd5-6c540016 call 6c5c13a0 DeleteFiber call 6c5c13a0 227->232 231->152 232->199 256 6c54014e-6c540157 242->256 243->256 252->232 256->149
                                                                                                  APIs
                                                                                                  • SwitchToFiber.KERNEL32(?,?,?,?,6C491CE1,6C4A70E0,?,6C4A742C,?,?,?,?,?,?,?,?), ref: 6C53FCB9
                                                                                                  • memcpy.MSVCRT(?,?,?,?,?,6C491CE1,6C4A70E0,?,6C4A742C,?,?,?,?,?,?,?), ref: 6C53FD50
                                                                                                  • SwitchToFiber.KERNEL32(?,?,?,?,?,6C491CE1,6C4A70E0,?,6C4A742C,?,?,?,?,?,?,?), ref: 6C53FD7C
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000010.00000002.1454467778.000000006C491000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C490000, based on PE: true
                                                                                                  • Associated: 00000010.00000002.1454442643.000000006C490000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462067691.000000006C909000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C9DE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463002538.000000006CAC5000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463028282.000000006CAC6000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463052157.000000006CAC7000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463077869.000000006CACB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_16_2_6c490000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FiberSwitch$memcpy
                                                                                                  • String ID: `
                                                                                                  • API String ID: 148397844-2679148245
                                                                                                  • Opcode ID: 208bfaacc619e6fe010be68e2ea322333ca8e8092eb17f1f002b7907f8aa22a9
                                                                                                  • Instruction ID: e4561150d28683cf74f19c5f5de35ddb1b6f3611e6e61d823e940aaf80e04bc0
                                                                                                  • Opcode Fuzzy Hash: 208bfaacc619e6fe010be68e2ea322333ca8e8092eb17f1f002b7907f8aa22a9
                                                                                                  • Instruction Fuzzy Hash: E0D105B1509711DFD700AF68C88571ABBF0AF81388F11895DE8D88BB54DB78E885CB93
                                                                                                  Function 6C53F8F0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 172COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000010.00000002.1454467778.000000006C491000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C490000, based on PE: true
                                                                                                  • Associated: 00000010.00000002.1454442643.000000006C490000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462067691.000000006C909000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C9DE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463002538.000000006CAC5000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463028282.000000006CAC6000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463052157.000000006CAC7000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463077869.000000006CACB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_16_2_6c490000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: `$e
                                                                                                  • API String ID: 0-2074502723
                                                                                                  • Opcode ID: fe4faa7540bf84a6a8cfc443daf1656a73b617aa7611d8d1147c750bc54399a2
                                                                                                  • Instruction ID: e0d24ec0980001038a00bf4bf30300beba8bd87c4bed03df2b7638c764502053
                                                                                                  • Opcode Fuzzy Hash: fe4faa7540bf84a6a8cfc443daf1656a73b617aa7611d8d1147c750bc54399a2
                                                                                                  • Instruction Fuzzy Hash: A671E7B150A312ABE700AF64D88535FBBE0AF80788F11991CE4C88BB50D779D848CB93
                                                                                                  Function 6C854970 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 343 6c854970-6c85497c 344 6c854a26-6c854a29 343->344 345 6c854982-6c854992 _lock 343->345 348 6c8549b8-6c8549be 344->348 346 6c854994-6c854997 345->346 347 6c8549f0-6c854a0a calloc 345->347 349 6c85499a-6c85499c 346->349 350 6c854a0c-6c854a18 347->350 351 6c854a1a-6c854a21 _unlock 347->351 352 6c8549c0-6c8549dc realloc 349->352 353 6c85499e-6c8549b6 _unlock 349->353 350->349 351->344 352->351 354 6c8549de-6c8549e8 352->354 353->348 354->353
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000010.00000002.1454467778.000000006C491000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C490000, based on PE: true
                                                                                                  • Associated: 00000010.00000002.1454442643.000000006C490000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462067691.000000006C909000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C9DE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463002538.000000006CAC5000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463028282.000000006CAC6000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463052157.000000006CAC7000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463077869.000000006CACB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_16_2_6c490000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _lock_unlockcalloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 3876498383-0
                                                                                                  • Opcode ID: ab375ab5a348395aa2b1c41066fd2d73b620529a5e0c5ab71e7ee1146ade8483
                                                                                                  • Instruction ID: c04eb07575327be8012c2800858b3734e87dd351840acfe18cbe86f651777c0c
                                                                                                  • Opcode Fuzzy Hash: ab375ab5a348395aa2b1c41066fd2d73b620529a5e0c5ab71e7ee1146ade8483
                                                                                                  • Instruction Fuzzy Hash: A5116DB16042008FDBA1DF28D68074ABBE0BFC5214F95CA79C498CB749EBB0D464CB62
                                                                                                  Function 6C58BFC0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 72stringCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 580 6c58bfc0-6c58bfda call 6c588e10 583 6c58bfdc-6c58c005 call 6c5c13a0 580->583 584 6c58c04d-6c58c054 580->584 587 6c58c00c 583->587 588 6c58c007-6c58c00a 583->588 590 6c58c016-6c58c03c call 6c5c13a0 587->590 588->587 589 6c58c055-6c58c080 strlen call 6c5c12f0 588->589 589->590 597 6c58c082-6c58c08e strcpy 589->597 595 6c58c03e-6c58c041 590->595 596 6c58c043 590->596 595->596 598 6c58c090-6c58c0bb strlen call 6c5c12f0 595->598 596->584 597->590 598->584 601 6c58c0bd-6c58c0cc 598->601
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000010.00000002.1454467778.000000006C491000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C490000, based on PE: true
                                                                                                  • Associated: 00000010.00000002.1454442643.000000006C490000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462067691.000000006C909000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C9DE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463002538.000000006CAC5000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463028282.000000006CAC6000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463052157.000000006CAC7000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463077869.000000006CACB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_16_2_6c490000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen$strcpy
                                                                                                  • String ID: B
                                                                                                  • API String ID: 2790333442-1255198513
                                                                                                  • Opcode ID: 4ba7a7fbdb5e1fb455a86e6ce91e6e25cfcb0babc3a5bf7f06447db44d600155
                                                                                                  • Instruction ID: ac7200336bbea306d587ff0620dd886e4b8af331f56837bd7927195da2acaedf
                                                                                                  • Opcode Fuzzy Hash: 4ba7a7fbdb5e1fb455a86e6ce91e6e25cfcb0babc3a5bf7f06447db44d600155
                                                                                                  • Instruction Fuzzy Hash: A6217FB590A710DBD701AF68D98439FBBE0FF80388F55496DE8884B701E779D8488B92
                                                                                                  Function 6C8DA400 Relevance: 5.1, APIs: 4, Instructions: 133COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 645 6c8da400-6c8da40d 646 6c8da4f4-6c8da4fb 645->646 647 6c8da413-6c8da421 645->647 648 6c8da427-6c8da432 647->648 649 6c8da500-6c8da50b 647->649 652 6c8da58c-6c8da593 call 6c900bd0 648->652 653 6c8da438-6c8da44c 648->653 650 6c8da50d 649->650 651 6c8da520-6c8da53a memset 649->651 655 6c8da510-6c8da517 650->655 651->655 658 6c8da598-6c8da5c1 memset 652->658 656 6c8da540-6c8da570 call 6c8fdbf0 653->656 657 6c8da452-6c8da47e call 6c8fdbf0 653->657 656->658 661 6c8da572-6c8da574 656->661 664 6c8da4ab-6c8da4ce memmove 657->664 666 6c8da480-6c8da4a7 memset 657->666 658->661 661->664 665 6c8da57a-6c8da57c 661->665 667 6c8da4d0-6c8da4e0 call 6c8fdbb0 664->667 668 6c8da4e4-6c8da4f1 665->668 669 6c8da582-6c8da587 665->669 666->664 667->668 668->646 669->667
                                                                                                  APIs
                                                                                                  • memset.MSVCRT ref: 6C8DA49E
                                                                                                  • memmove.MSVCRT(?,?,?,?,?,00000000,00000000,?,?,6C497F62), ref: 6C8DA4BE
                                                                                                  • memset.MSVCRT ref: 6C8DA5B4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000010.00000002.1454467778.000000006C491000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C490000, based on PE: true
                                                                                                  • Associated: 00000010.00000002.1454442643.000000006C490000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462067691.000000006C909000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C910000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1462099404.000000006C9DE000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463002538.000000006CAC5000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463028282.000000006CAC6000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463052157.000000006CAC7000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  • Associated: 00000010.00000002.1463077869.000000006CACB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_16_2_6c490000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memset$memmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 3527438329-0
                                                                                                  • Opcode ID: 5a74f77cd490459cefcd466d8b282fdf3355fd9bc0bb731e19690729e66421c5
                                                                                                  • Instruction ID: 84ce1329dd08103bc4c061b54dc18402770e29575604a28658f7fd023dd0a457
                                                                                                  • Opcode Fuzzy Hash: 5a74f77cd490459cefcd466d8b282fdf3355fd9bc0bb731e19690729e66421c5
                                                                                                  • Instruction Fuzzy Hash: 055118B16097028FC314DF29D58065BFBE1AFC8754F218E2EE8988B715D731E949CB92

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:10%
                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                  Signature Coverage:16.4%
                                                                                                  Total number of Nodes:116
                                                                                                  Total number of Limit Nodes:11
                                                                                                  execution_graph 6119 4fb4c8 6120 4fb4d0 SysAllocStringLen 6119->6120 6122 4fb348 6119->6122 6121 4fb2e0 6120->6121 6123 4fae48 6125 4fae4f 6123->6125 6126 4fae5f 6125->6126 6127 4fb764 6125->6127 6128 4fb768 6127->6128 6131 4fb2e0 6127->6131 6129 4fb348 6128->6129 6130 4fb77b SysReAllocStringLen 6128->6130 6129->6125 6130->6131 6131->6125 6132 4fb188 6133 4fb190 6132->6133 6134 4fb1b2 6133->6134 6136 4fb238 6133->6136 6137 4fb24c RtlExitUserThread 6136->6137 6138 4fb244 6136->6138 6137->6134 6138->6137 6198 63b744 6199 63b74a 6198->6199 6202 63b77c 6199->6202 6203 63b782 6202->6203 6208 63b818 6203->6208 6205 63b799 6206 63b761 6205->6206 6207 63bc70 ResumeThread 6205->6207 6207->6206 6209 63b829 6208->6209 6210 63b877 6209->6210 6213 4fb1be 6209->6213 6217 4fb1c0 6209->6217 6214 4fb1c0 CreateThread 6213->6214 6216 4fb225 6214->6216 6216->6210 6218 4fb1dd CreateThread 6217->6218 6220 4fb225 6218->6220 6220->6210 6139 cfbc1c 6140 cfbc24 6139->6140 6140->6140 6141 cfbc49 CoInitializeEx 6140->6141 6142 cfbc5b CreateNamedPipeW ConnectNamedPipe 6141->6142 6144 cfbcf9 ReadFile 6142->6144 6146 cfbd4d 6144->6146 6147 cfb91c 6148 cfb925 6147->6148 6149 cfb945 6148->6149 6150 cfb944 6148->6150 6154 cfb9ba 6148->6154 6157 63bc70 6150->6157 6151 cfb9ab ConnectNamedPipe 6153 cfb9d2 ReadFile 6151->6153 6151->6154 6152 cfba4b 6153->6154 6154->6151 6154->6152 6154->6153 6155 cfba2b DisconnectNamedPipe 6154->6155 6155->6154 6158 63bc78 6157->6158 6160 63bc9a 6157->6160 6159 63bc84 ResumeThread 6158->6159 6158->6160 6159->6160 6160->6149 6221 cfba3c 6222 cfba2b DisconnectNamedPipe 6221->6222 6226 cfb9ba 6222->6226 6223 cfb9ab ConnectNamedPipe 6225 cfb9d2 ReadFile 6223->6225 6223->6226 6224 cfba4b 6225->6226 6226->6222 6226->6223 6226->6224 6226->6225 6161 63bd36 SetThreadPriority 6162 63bd5f 6161->6162 6163 a21cf7 6164 a21c44 6163->6164 6165 a21d1a SleepEx 6164->6165 6166 a21d70 6164->6166 6165->6164 6227 a03456 6228 a03461 6227->6228 6229 a0345c 6227->6229 6230 63bc70 ResumeThread 6229->6230 6230->6228 6167 cfb958 6168 cfb96c CreateNamedPipeW 6167->6168 6169 cfb99c 6168->6169 6173 cfb9ba 6168->6173 6170 cfb9ab ConnectNamedPipe 6171 cfb9d2 ReadFile 6170->6171 6170->6173 6171->6173 6172 cfba2b DisconnectNamedPipe 6172->6173 6173->6169 6173->6170 6173->6171 6173->6172 6231 a03498 6232 a034a7 StartServiceCtrlDispatcherW 6231->6232 6233 a034b4 6232->6233 6234 96e6ac 6235 96e6b5 6234->6235 6238 96e768 6235->6238 6242 96e783 6235->6242 6236 96ec1c CreateProcessW 6237 96e776 6236->6237 6238->6237 6239 96eb47 CreateProcessAsUserW 6238->6239 6241 96e76e 6238->6241 6239->6237 6239->6241 6240 96e8e1 CreateProcessAsUserW 6240->6237 6240->6242 6241->6236 6241->6237 6242->6237 6242->6240 6174 4fa512 6178 4fa514 6174->6178 6175 4fa638 6176 4fa5c8 RtlUnwind 6177 4fa5f5 6176->6177 6178->6175 6178->6176 6243 7d3ac0 6246 7d3994 6243->6246 6245 7d3acf 6248 7d39ad 6246->6248 6247 7d3a8e 6247->6245 6248->6247 6249 7d3a86 DispatchMessageW 6248->6249 6249->6247 6179 8a2654 6180 8a267e 6179->6180 6181 8a283a 6180->6181 6184 8a280e 6180->6184 6186 8a24f0 6181->6186 6183 8a2827 6184->6183 6185 8a24f0 ResumeThread 6184->6185 6185->6183 6187 8a2518 6186->6187 6190 8a2934 6187->6190 6189 8a2551 6191 8a293a 6190->6191 6192 8a295f 6191->6192 6193 63bc70 ResumeThread 6191->6193 6192->6189 6193->6192 6194 4f9a90 6195 4f9a9a 6194->6195 6196 4f9af4 Sleep 6195->6196 6197 4f9ad1 6195->6197 6196->6197

                                                                                                  Executed Functions

                                                                                                  Function 0096E6AC Relevance: 25.1, APIs: 3, Strings: 11, Instructions: 607COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 0 96e6ac-96e6b0 1 96e6b5-96e6ba 0->1 1->1 2 96e6bc-96e6fa 1->2 4 96e72f-96e734 2->4 5 96e6fc-96e702 2->5 6 96e736-96e739 4->6 10 96e704-96e70c 5->10 11 96e70e-96e716 5->11 7 96e73e-96e766 6->7 8 96e73b 6->8 18 96e783-96e7a4 7->18 19 96e768 7->19 8->7 10->11 16 96e718-96e720 10->16 11->16 17 96e722-96e729 11->17 16->6 17->6 20 96e72b-96e72d 17->20 39 96e7a6-96e7dc 18->39 40 96e7e1-96e7fb 18->40 21 96e76e-96e770 19->21 22 96e9f8-96ea15 19->22 20->6 24 96e776-96e778 21->24 25 96ec01-96ec2c CreateProcessW 21->25 30 96ea17-96ea21 22->30 31 96ea6e-96ea88 22->31 28 96ec81-96ec95 24->28 29 96e77e 24->29 36 96ec45-96ec7c 25->36 37 96ec2e-96ec40 25->37 35 96ee6e-96ee76 28->35 55 96ec9b-96ecab 28->55 33 96ee6a 29->33 45 96ea23-96ea28 30->45 46 96ea2d-96ea69 30->46 47 96ea8a-96eac6 31->47 48 96eacb-96eadc call 96e43c 31->48 33->35 41 96ee7b-96ee93 35->41 36->33 37->33 39->35 56 96e83e-96e851 40->56 57 96e7fd-96e839 40->57 45->35 46->35 47->35 66 96eade-96eb1a 48->66 67 96eb1f-96eb55 CreateProcessAsUserW 48->67 77 96ecbe-96ece6 55->77 78 96ecad-96ecb9 55->78 74 96e894-96e8c1 56->74 75 96e853-96e88f 56->75 57->35 66->35 87 96eb57-96eb5b 67->87 88 96eb7c-96ebb8 67->88 109 96e959-96e969 74->109 75->35 93 96ece8-96ed24 77->93 94 96ed29-96ed3a call 96e43c 77->94 78->35 95 96eb5d-96eb62 87->95 96 96eb68-96ebce 87->96 88->35 93->35 112 96ed3c-96ed78 94->112 113 96ed7d-96edb5 94->113 95->96 139 96ebd0-96ebd3 96->139 140 96ebd9-96ebdd 96->140 125 96e96b-96e970 109->125 126 96e978 109->126 112->35 141 96edb7-96edbb 113->141 142 96eddc-96ee18 113->142 131 96e8c6-96e8ef CreateProcessAsUserW 125->131 132 96e976 125->132 126->131 134 96e97e-96e9be 126->134 154 96e911-96e920 131->154 155 96e8f1-96e90c 131->155 132->134 134->35 139->140 145 96ebdf-96ebe2 140->145 146 96ebe8-96ebec 140->146 150 96edbd-96edc2 141->150 151 96edc8-96ee2b 141->151 142->35 145->146 148 96ebf7 146->148 149 96ebee-96ebf2 call 96e454 146->149 148->25 149->148 150->151 177 96ee36-96ee3a 151->177 178 96ee2d-96ee30 151->178 172 96e922-96e928 154->172 173 96e94f 154->173 155->35 172->173 182 96e92a-96e930 172->182 173->109 180 96ee45-96ee49 177->180 181 96ee3c-96ee3f 177->181 178->177 184 96ee54-96ee60 180->184 185 96ee4b-96ee4f call 96e454 180->185 181->180 182->173 186 96e932-96e942 182->186 184->33 185->184 190 96e944-96e949 186->190 191 96e94d 186->191 190->173 192 96e94b 190->192 191->134 191->173 192->134
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.000000000096E000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0096E000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_96e000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: D$Error #10 @$Error #11 @$Error #16 @$Error #17 @$Error #18 @$Error #19 @$Error #20 $Error #9 @$WinSta0\Default$winsta0\default
                                                                                                  • API String ID: 0-473263953
                                                                                                  • Opcode ID: 332eb89461f7e6dca3c1234883ecfd2d86ffee68eea63170579401084ce72abd
                                                                                                  • Instruction ID: 7f2d1353efe5ef6b7de2c71271b1a284c292d3cabee9e89fc201ad61a9f87bb1
                                                                                                  • Opcode Fuzzy Hash: 332eb89461f7e6dca3c1234883ecfd2d86ffee68eea63170579401084ce72abd
                                                                                                  • Instruction Fuzzy Hash: 8D126474E0020DAAEF21FBB9CD86FFE73A9EF84304F144466F515E7182DA3599448B26
                                                                                                  Function 00CFB958 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 84pipeCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 193 cfb958-cfb996 CreateNamedPipeW 195 cfba3e-cfba45 193->195 196 cfb99c-cfb9a6 193->196 197 cfb9ab-cfb9b8 ConnectNamedPipe 195->197 198 cfba4b-cfba4f 195->198 196->198 200 cfb9ba-cfb9c4 197->200 201 cfb9d2-cfb9fa ReadFile 197->201 200->201 206 cfb9c6-cfb9d0 200->206 202 cfba1e-cfba34 DisconnectNamedPipe 201->202 203 cfb9fc-cfba16 201->203 202->195 203->202 209 cfba18 203->209 206->195 209->202
                                                                                                  APIs
                                                                                                  • CreateNamedPipeW.KERNELBASE(\\.\PIPE\RManFUSServerNotify32,00000003,00000000,0000000A,00100000,00100000,00000064,00000000), ref: 00CFB98A
                                                                                                  Strings
                                                                                                  • Error - CreateNamedPipe, xrefs: 00CFB99C
                                                                                                  • \\.\PIPE\RManFUSServerNotify32, xrefs: 00CFB985
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.0000000000CFB000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00CFB000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_cfb000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateNamedPipe
                                                                                                  • String ID: Error - CreateNamedPipe$\\.\PIPE\RManFUSServerNotify32
                                                                                                  • API String ID: 2489174969-2026626902
                                                                                                  • Opcode ID: d2c29d324ef5a8a19fb34fb4185aaac88573c5a796197cb538bed4a413e25d56
                                                                                                  • Instruction ID: 93fb58591805371df290f4dc3057473204be347400a0d0bdee4218fcc8531d2d
                                                                                                  • Opcode Fuzzy Hash: d2c29d324ef5a8a19fb34fb4185aaac88573c5a796197cb538bed4a413e25d56
                                                                                                  • Instruction Fuzzy Hash: 6A21B031A4430D7ADBA0EBA5CC57BBE7BACEB49710F204565B714E61C1D7B09E009762
                                                                                                  Function 00A03498 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 508 a03498-a034b2 StartServiceCtrlDispatcherW 510 a034b4-a034bb 508->510 511 a034bc-a034c6 508->511
                                                                                                  APIs
                                                                                                  • StartServiceCtrlDispatcherW.ADVAPI32(?), ref: 00A034AB
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.0000000000A03000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00A03000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_a03000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CtrlDispatcherServiceStart
                                                                                                  • String ID:
                                                                                                  • API String ID: 3789849863-0
                                                                                                  • Opcode ID: 98e5cf078ae31f6cd5fba4387475a058bc730f82d003d76bd15f2e45dbe7db4e
                                                                                                  • Instruction ID: a6e51e79df131d435c1ce0065d03167cc101f1f670eb8463047653809700378e
                                                                                                  • Opcode Fuzzy Hash: 98e5cf078ae31f6cd5fba4387475a058bc730f82d003d76bd15f2e45dbe7db4e
                                                                                                  • Instruction Fuzzy Hash: 4FD012722493096EEB10AFB568C6B277A8CAB48324F400555F90CCA282E555D9104661
                                                                                                  Function 00CFBC1C Relevance: 6.1, APIs: 4, Instructions: 130pipefileCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 210 cfbc1c-cfbc1f 211 cfbc24-cfbc29 210->211 211->211 212 cfbc2b-cfbc67 CoInitializeEx 211->212 216 cfbc69-cfbc6f 212->216 217 cfbc74-cfbc82 212->217 216->217 220 cfbc8f-cfbcaf 217->220 221 cfbc84-cfbc8a 217->221 224 cfbcb4-cfbcf7 CreateNamedPipeW ConnectNamedPipe 220->224 225 cfbcb1 220->225 221->220 226 cfbd09-cfbd4b ReadFile 224->226 227 cfbcf9-cfbd03 224->227 225->224 232 cfbd4d-cfbd52 226->232 233 cfbd57-cfbd5d 226->233 227->226 232->233 234 cfbdcf-cfbdd5 233->234 235 cfbd5f-cfbd68 233->235 237 cfbd6a-cfbd73 235->237 238 cfbd98-cfbd9b 235->238 237->238 239 cfbd9d-cfbdb5 238->239 240 cfbdba-cfbdca 238->240 239->240 240->234
                                                                                                  APIs
                                                                                                  • CoInitializeEx.COMBASE(00000000,00000002,?,?,?,?,00000000,00000000), ref: 00CFBC4D
                                                                                                  • CreateNamedPipeW.KERNELBASE(00CFD2D4,00000003,00000000,00000014,00000400,00000400,00000064,0000000C), ref: 00CFBCCE
                                                                                                  • ConnectNamedPipe.KERNELBASE(00000000,00000000), ref: 00CFBCF0
                                                                                                  • ReadFile.KERNELBASE(00000000,?,00000004,?,00000000,00000000,00CFD28F), ref: 00CFBD44
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.0000000000CFB000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00CFB000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_cfb000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: NamedPipe$ConnectCreateFileInitializeRead
                                                                                                  • String ID:
                                                                                                  • API String ID: 3263518074-0
                                                                                                  • Opcode ID: ff4d570c6ae650a1e676a6f18794ad6ab65621c5c46d40d339b3c880392cab9c
                                                                                                  • Instruction ID: 76d07e7fd488e5acca0e61f429aab945f7e8363d083f36f0b537442ad1a5583d
                                                                                                  • Opcode Fuzzy Hash: ff4d570c6ae650a1e676a6f18794ad6ab65621c5c46d40d339b3c880392cab9c
                                                                                                  • Instruction Fuzzy Hash: 8D41287064030DAAEBA0ABB4CD87FBD7AAAFB0A754F104625F711E60D1D774DE008663
                                                                                                  Function 004F9A90 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 53sleepCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 241 4f9a90-4f9a98 242 4f9a9a-4f9aa1 241->242 243 4f9aa3-4f9aa6 241->243 242->243 244 4f9b04-4f9b0d call 4f9b58 242->244 245 4f9aaf 243->245 246 4f9aa8-4f9aad 243->246 251 4f9b12-4f9b17 244->251 248 4f9ab1-4f9acf 245->248 246->248 249 4f9ada-4f9af2 248->249 250 4f9ad1-4f9ad8 248->250 252 4f9afd-4f9b02 249->252 253 4f9af4-4f9afb Sleep 249->253 250->251 254 4f9b1f-4f9b20 251->254 255 4f9b19 251->255 252->251 253->251 255->254
                                                                                                  APIs
                                                                                                  • Sleep.KERNELBASE(00000000,?,004F9B49,?,?,004F9D88), ref: 004F9AF6
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000004F9000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004F9000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_4f9000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Sleep
                                                                                                  • String ID: gfff$gfff
                                                                                                  • API String ID: 3472027048-3084402119
                                                                                                  • Opcode ID: 888901aff9deea6df1e7c8a3e91a1d0e9e8703c9112e22ccce21950e1acbe30c
                                                                                                  • Instruction ID: 7302c9af5c956ebbdcc6d97d8faf393a3cf44faa0518e0f4369dc01b85608f12
                                                                                                  • Opcode Fuzzy Hash: 888901aff9deea6df1e7c8a3e91a1d0e9e8703c9112e22ccce21950e1acbe30c
                                                                                                  • Instruction Fuzzy Hash: 4701447170455D8BDB6C9D3EB8817383292F781305F54422BEB02CE78DDAA9AC81928B
                                                                                                  Function 00A21C0C Relevance: 1.6, APIs: 1, Instructions: 130COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 313 a21c0c-a21c3c 315 a21c44-a21c55 313->315 316 a21c57-a21c5f 315->316 317 a21c8a-a21c93 call a21bd8 315->317 318 a21c71-a21c7a call a21bd8 316->318 322 a21c95-a21c9e call a21bd8 317->322 323 a21d0a-a21d0e 317->323 318->317 328 a21c7c-a21c88 318->328 322->323 334 a21ca0-a21caa 322->334 325 a21d10-a21d18 323->325 326 a21d4e-a21d58 call a21d98 323->326 329 a21d2a-a21d33 call a21bd8 325->329 339 a21d63-a21d6a 326->339 340 a21d5a-a21d61 326->340 328->317 332 a21c61-a21c6d 328->332 329->326 341 a21d35-a21d41 329->341 332->318 334->323 337 a21cac-a21cb6 334->337 342 a21cb8-a21cbf 337->342 343 a21cc9-a21ce4 337->343 339->315 345 a21d70-a21d85 339->345 340->339 344 a21d45-a21d47 340->344 346 a21d43 341->346 347 a21d1a-a21d26 SleepEx 341->347 349 a21cc7 342->349 343->323 344->326 352 a21d86 345->352 346->326 347->329 349->323 352->352
                                                                                                  APIs
                                                                                                  • SleepEx.KERNELBASE(0000000A,00000000), ref: 00A21D1E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.0000000000A21000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00A21000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_a21000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Sleep
                                                                                                  • String ID:
                                                                                                  • API String ID: 3472027048-0
                                                                                                  • Opcode ID: 2727ec1cbdaa82edac8666c864722ff5419babf6e5a087d5957990f3868bdbbb
                                                                                                  • Instruction ID: a14b3a8a9deebc95870d1add03f71c960a4e4ec8238984bc04ebd9ae1bd2f90a
                                                                                                  • Opcode Fuzzy Hash: 2727ec1cbdaa82edac8666c864722ff5419babf6e5a087d5957990f3868bdbbb
                                                                                                  • Instruction Fuzzy Hash: 1E417B34A04258EFDB14DB6CEA81E9DBBF5FF65310F2584A4E800AB692D734EE40DB10
                                                                                                  Function 007D3994 Relevance: 1.6, APIs: 1, Instructions: 105windowCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 353 7d3994-7d39af 355 7d3a9d-7d3aa4 353->355 356 7d39b5-7d39b9 353->356 357 7d39c9 356->357 358 7d39bb-7d39c3 356->358 359 7d39cb-7d39d4 357->359 358->357 363 7d39c5-7d39c7 358->363 361 7d39ec-7d39ff 359->361 362 7d39d6-7d39ea 359->362 366 7d3a00-7d3a02 361->366 362->366 363->359 366->355 367 7d3a08-7d3a0e 366->367 368 7d3a14-7d3a20 367->368 369 7d3a96 367->369 370 7d3a32-7d3a3d 368->370 371 7d3a22-7d3a26 368->371 369->355 370->355 373 7d3a3f-7d3a4a call 7d3830 370->373 371->370 373->355 376 7d3a4c-7d3a50 373->376 376->355 377 7d3a52-7d3a5d call 7d36e8 376->377 377->355 380 7d3a5f-7d3a6a call 7d3738 377->380 380->355 383 7d3a6c-7d3a77 call 7d36a0 380->383 383->355 386 7d3a79-7d3a84 383->386 388 7d3a8e-7d3a94 386->388 389 7d3a86-7d3a8c DispatchMessageW 386->389 388->355 389->355
                                                                                                  APIs
                                                                                                  • DispatchMessageW.USER32(?,?,?,00000000,00000000,00000000,00000001,?,00000000,00000000,00000000,00000000), ref: 007D3A87
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000007D3000.00000020.00000001.01000000.0000000D.sdmp, Offset: 007D3000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_7d3000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DispatchMessage
                                                                                                  • String ID:
                                                                                                  • API String ID: 2061451462-0
                                                                                                  • Opcode ID: 62016760372329833ce7b2af68cfdfbce09201828acd2e5e19a22a1e0e855ac4
                                                                                                  • Instruction ID: b6feade911ad87e79cf9c4cde340520bc0a723e20c5948dcbf9aedd4853ba59e
                                                                                                  • Opcode Fuzzy Hash: 62016760372329833ce7b2af68cfdfbce09201828acd2e5e19a22a1e0e855ac4
                                                                                                  • Instruction Fuzzy Hash: C721F62134434266EA316A280C0EB6EB7B94FD2B04F24841BF4D5AB3C2C6AD9E464233
                                                                                                  Function 004F9A01 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 391 4f9a01-4fa51f 393 4fa638-4fa63d 391->393 394 4fa525-4fa531 391->394 395 4fa533-4fa541 394->395 396 4fa5a1-4fa5a8 394->396 395->393 402 4fa547-4fa54b 395->402 397 4fa5aa-4fa5b1 396->397 398 4fa5c8-4fa5ec RtlUnwind 396->398 397->398 399 4fa5b3-4fa5c6 397->399 401 4fa5f5-4fa611 call 4fa47c 398->401 399->393 399->398 405 4fa616 401->405 402->393 407 4fa551-4fa55f 402->407 405->405 408 4fa598-4fa59e 407->408 409 4fa561-4fa56d call 4fa42c 407->409 408->396 409->408 412 4fa56f-4fa576 409->412 412->408 413 4fa578-4fa587 412->413 413->393 415 4fa58d-4fa596 413->415 415->398
                                                                                                  APIs
                                                                                                  • RtlUnwind.KERNEL32(?,?,?,00000000,?,?,?,?), ref: 004FA5E6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000004F9000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004F9000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_4f9000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Unwind
                                                                                                  • String ID:
                                                                                                  • API String ID: 3419175465-0
                                                                                                  • Opcode ID: ace11f3268fa6a9968ede61cdcca24a46aba445d01eaddc212d20e60206f9b1f
                                                                                                  • Instruction ID: de7f1381e100d42a5acc2a051d5fe7f7a0c189a359bc4fab84ed34795eba4c8e
                                                                                                  • Opcode Fuzzy Hash: ace11f3268fa6a9968ede61cdcca24a46aba445d01eaddc212d20e60206f9b1f
                                                                                                  • Instruction Fuzzy Hash: 9E3171F0604308AFE720DB14C888F3B7BE5EB88754F59855EE6488B355C638EC52C72A
                                                                                                  Function 004F9A5D Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 416 4f9a5d-4fa51f 418 4fa638-4fa63d 416->418 419 4fa525-4fa531 416->419 420 4fa533-4fa541 419->420 421 4fa5a1-4fa5a8 419->421 420->418 427 4fa547-4fa54b 420->427 422 4fa5aa-4fa5b1 421->422 423 4fa5c8-4fa5ec RtlUnwind 421->423 422->423 424 4fa5b3-4fa5c6 422->424 426 4fa5f5-4fa611 call 4fa47c 423->426 424->418 424->423 430 4fa616 426->430 427->418 432 4fa551-4fa55f 427->432 430->430 433 4fa598-4fa59e 432->433 434 4fa561-4fa56d call 4fa42c 432->434 433->421 434->433 437 4fa56f-4fa576 434->437 437->433 438 4fa578-4fa587 437->438 438->418 440 4fa58d-4fa596 438->440 440->423
                                                                                                  APIs
                                                                                                  • RtlUnwind.KERNEL32(?,?,?,00000000,?,?,?,?), ref: 004FA5E6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000004F9000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004F9000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_4f9000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Unwind
                                                                                                  • String ID:
                                                                                                  • API String ID: 3419175465-0
                                                                                                  • Opcode ID: 5be57559cb84f84dcb44712443ca2b759af96ee36382466d67350c1c24fc52d2
                                                                                                  • Instruction ID: 86d356fafc204906276c7f3eb9c8fcbfa0f3fadc7e4e3e3a9e50b31f0e903cca
                                                                                                  • Opcode Fuzzy Hash: 5be57559cb84f84dcb44712443ca2b759af96ee36382466d67350c1c24fc52d2
                                                                                                  • Instruction Fuzzy Hash: 9A214FF0205309AFD720DB14C889F3B7BA5EB88754F59855AF6488B355C738EC12CB66
                                                                                                  Function 004FA512 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 441 4fa512-4fa51f 443 4fa638-4fa63d 441->443 444 4fa525-4fa531 441->444 445 4fa533-4fa541 444->445 446 4fa5a1-4fa5a8 444->446 445->443 452 4fa547-4fa54b 445->452 447 4fa5aa-4fa5b1 446->447 448 4fa5c8-4fa5ec RtlUnwind 446->448 447->448 449 4fa5b3-4fa5c6 447->449 451 4fa5f5-4fa611 call 4fa47c 448->451 449->443 449->448 455 4fa616 451->455 452->443 457 4fa551-4fa55f 452->457 455->455 458 4fa598-4fa59e 457->458 459 4fa561-4fa56d call 4fa42c 457->459 458->446 459->458 462 4fa56f-4fa576 459->462 462->458 463 4fa578-4fa587 462->463 463->443 465 4fa58d-4fa596 463->465 465->448
                                                                                                  APIs
                                                                                                  • RtlUnwind.KERNEL32(?,?,?,00000000,?,?,?,?), ref: 004FA5E6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000004F9000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004F9000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_4f9000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Unwind
                                                                                                  • String ID:
                                                                                                  • API String ID: 3419175465-0
                                                                                                  • Opcode ID: 410aca9243cd2af71d5715fc6f58373b5054cf3b33820fbaa902d463fde30263
                                                                                                  • Instruction ID: 9251e3f6a3e83bc767b93e8a60ff7865faec9d2c1dcb81720b2e352895657432
                                                                                                  • Opcode Fuzzy Hash: 410aca9243cd2af71d5715fc6f58373b5054cf3b33820fbaa902d463fde30263
                                                                                                  • Instruction Fuzzy Hash: E6214DF0205309AFD720DB14C889F3B7BA9EB88754F59855AF6488B355C738EC12CB66
                                                                                                  Function 004FB1C0 Relevance: 1.5, APIs: 1, Instructions: 48threadCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 466 4fb1c0-4fb1db 467 4fb1dd-4fb1e9 466->467 468 4fb1eb-4fb1f9 466->468 471 4fb1fc-4fb223 CreateThread 467->471 468->471 472 4fb22c-4fb234 471->472 473 4fb225 471->473 473->472
                                                                                                  APIs
                                                                                                  • CreateThread.KERNEL32(?,?,Function_00002188,00000000,?,?), ref: 004FB21A
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000004F9000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004F9000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_4f9000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2422867632-0
                                                                                                  • Opcode ID: 5c0c1313547f1f69d687f25643739165d8e44f67254618d91102e763fdeb9bca
                                                                                                  • Instruction ID: 67be0535c71e52f3ac3d8078131382842c127ea252e81f9ef4a6cd3d9036f34a
                                                                                                  • Opcode Fuzzy Hash: 5c0c1313547f1f69d687f25643739165d8e44f67254618d91102e763fdeb9bca
                                                                                                  • Instruction Fuzzy Hash: F1018F72604218AFC710CA9DE884AAEB7ECEB5A364F10416BF608D7351DB78DD01C7A8
                                                                                                  Function 004FB1BE Relevance: 1.5, APIs: 1, Instructions: 44threadCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 474 4fb1be-4fb1db 476 4fb1dd-4fb1e9 474->476 477 4fb1eb-4fb1f9 474->477 480 4fb1fc-4fb223 CreateThread 476->480 477->480 481 4fb22c-4fb234 480->481 482 4fb225 480->482 482->481
                                                                                                  APIs
                                                                                                  • CreateThread.KERNEL32(?,?,Function_00002188,00000000,?,?), ref: 004FB21A
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000004F9000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004F9000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_4f9000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2422867632-0
                                                                                                  • Opcode ID: 69c7c2feca684956dd9dcd815e81bcc39072084898a12a593b660830433b318b
                                                                                                  • Instruction ID: 10de5853214a8e6936bcd2e42ee1459b1262a29d3990f03282e50b367fb7d779
                                                                                                  • Opcode Fuzzy Hash: 69c7c2feca684956dd9dcd815e81bcc39072084898a12a593b660830433b318b
                                                                                                  • Instruction Fuzzy Hash: 13F08172704218AFD710CA9DEC44AAEB7ECEB1A364F10416AF618D7351D734DD0187A8
                                                                                                  Function 0063BC70 Relevance: 1.5, APIs: 1, Instructions: 29threadCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 483 63bc70-63bc76 484 63bcb3-63bcc5 483->484 485 63bc78-63bc7c 483->485 489 63bcca-63bccb 484->489 485->484 486 63bc7e-63bc82 485->486 486->484 488 63bc84-63bc98 ResumeThread 486->488 488->489 490 63bc9a-63bcb2 488->490
                                                                                                  APIs
                                                                                                  • ResumeThread.KERNELBASE(?), ref: 0063BC90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.000000000063B000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0063B000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_63b000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ResumeThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 947044025-0
                                                                                                  • Opcode ID: bb3a6f2699d4b03585f6e6bc3a532f26737bfb789d2208326c78886eafeaaae2
                                                                                                  • Instruction ID: 328e944bc3b182af53cdfcabc3279bea3fb6dc9cbdfc2c97d65d14d13c2f8546
                                                                                                  • Opcode Fuzzy Hash: bb3a6f2699d4b03585f6e6bc3a532f26737bfb789d2208326c78886eafeaaae2
                                                                                                  • Instruction Fuzzy Hash: 8AF0BEA05001814ACF20EB60C0D57593B82AF82308F0870C6F9484F357CB919854C7A3
                                                                                                  Function 004FB764 Relevance: 1.5, APIs: 1, Instructions: 25memoryCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 493 4fb764-4fb766 494 4fb78b 493->494 495 4fb768-4fb76a 493->495 496 4fb348-4fb34c 495->496 497 4fb770-4fb775 495->497 498 4fb34e-4fb35b 496->498 499 4fb35c 496->499 497->496 500 4fb77b-4fb785 SysReAllocStringLen 497->500 498->499 500->494 501 4fb2e0-4fb418 500->501 504 4fb41a-4fb42a 501->504 505 4fb432 501->505 504->501 507 4fb430 504->507 507->505
                                                                                                  APIs
                                                                                                  • SysReAllocStringLen.OLEAUT32(?,?,?,004FAE59), ref: 004FB77E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000004F9000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004F9000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_4f9000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocString
                                                                                                  • String ID:
                                                                                                  • API String ID: 2525500382-0
                                                                                                  • Opcode ID: 8a583c88b67b7963baee3385ca5795d6421fa43ceb2648ca13ce8a6a3b7466e5
                                                                                                  • Instruction ID: a96be6f8ca2f644e67de92775c7285e9b971891298b6c7ff207bb7bd58c9a255
                                                                                                  • Opcode Fuzzy Hash: 8a583c88b67b7963baee3385ca5795d6421fa43ceb2648ca13ce8a6a3b7466e5
                                                                                                  • Instruction Fuzzy Hash: 45E08CB81402099EEA149A15C801B3B3669EBD2306BADC99EAB014B340DB3D8C4086BC
                                                                                                  Function 0063BD36 Relevance: 1.5, APIs: 1, Instructions: 19threadCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • SetThreadPriority.KERNELBASE(?), ref: 0063BD4D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.000000000063B000.00000020.00000001.01000000.0000000D.sdmp, Offset: 0063B000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_63b000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: PriorityThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2383925036-0
                                                                                                  • Opcode ID: dda65b633ecd3018f4ec4dc30ddd40dd4a93c85f73c49caf315b1c3543191353
                                                                                                  • Instruction ID: 7781a26caf36b4907f483db363115c0071cf9bf25f62944b25ff2d14acc79f35
                                                                                                  • Opcode Fuzzy Hash: dda65b633ecd3018f4ec4dc30ddd40dd4a93c85f73c49caf315b1c3543191353
                                                                                                  • Instruction Fuzzy Hash: D9D022623004202F8328E6EDA881CABA2CEDB8E2167088223F105C3228DB25CC0183E0
                                                                                                  Function 004FB4C8 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • SysAllocStringLen.OLEAUT32(?,00000000,?,004FB623), ref: 004FB4D3
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000004F9000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004F9000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_4f9000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocString
                                                                                                  • String ID:
                                                                                                  • API String ID: 2525500382-0
                                                                                                  • Opcode ID: 4d776db86785b5970fd1d9522e98babea852ea4b0d6e2be24cd6eecddb2789c7
                                                                                                  • Instruction ID: 6073292716d0863b27410ec37b5f91a675c0be42268a0663b65b73c839def6ac
                                                                                                  • Opcode Fuzzy Hash: 4d776db86785b5970fd1d9522e98babea852ea4b0d6e2be24cd6eecddb2789c7
                                                                                                  • Instruction Fuzzy Hash: 7BC012781456095DAA042B72890663B1B18ED52309790009BBF1085101E62DC441145D
                                                                                                  Function 004FB238 Relevance: 1.5, APIs: 1, Instructions: 10threadCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000004F9000.00000020.00000001.01000000.0000000D.sdmp, Offset: 004F9000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_4f9000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExitThreadUser
                                                                                                  • String ID:
                                                                                                  • API String ID: 3424019298-0
                                                                                                  • Opcode ID: 68139243feba271a73bf3ff0c8ecfa9e6415c92f71219f5e596785b6c57e1e08
                                                                                                  • Instruction ID: dd3ca6e053e707ce189e7d34698b8fd5fe6c6fc9f5ffcc2aba31cd29b719d09e
                                                                                                  • Opcode Fuzzy Hash: 68139243feba271a73bf3ff0c8ecfa9e6415c92f71219f5e596785b6c57e1e08
                                                                                                  • Instruction Fuzzy Hash: 8FC09BF12013058FC32026BD9DCC71E3558D70930DF50146E731689557CB7C4445C718
                                                                                                  Function 00CFBA3C Relevance: 1.5, APIs: 1, Instructions: 6pipeCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • DisconnectNamedPipe.KERNELBASE(000000FF,00CFBA3E), ref: 00CFBA2F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.0000000000CFB000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00CFB000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_cfb000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DisconnectNamedPipe
                                                                                                  • String ID:
                                                                                                  • API String ID: 797972925-0
                                                                                                  • Opcode ID: b37bdc661ee5ffe07f8d1e8af4847e16227e0cd8209221d767f349547ca5fa19
                                                                                                  • Instruction ID: e3e867bc7f9ecc7c238f7d6ef7b2c2d20cabe2981c734858ecbbeb119ed29fa1
                                                                                                  • Opcode Fuzzy Hash: b37bdc661ee5ffe07f8d1e8af4847e16227e0cd8209221d767f349547ca5fa19
                                                                                                  • Instruction Fuzzy Hash: CFA0112A88800ABB8A00A2A0800883C2B28AA0A2803A08E00A202E2080C220C8002220
                                                                                                  Function 009D9A54 Relevance: 1.4, Strings: 1, Instructions: 134COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000009D9000.00000020.00000001.01000000.0000000D.sdmp, Offset: 009D9000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_9d9000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: IdThread (unknown)
                                                                                                  • API String ID: 0-2043411369
                                                                                                  • Opcode ID: a6e0865bc8e947145b56777337aff580c6cd860a501755050e3e1455675ce1f2
                                                                                                  • Instruction ID: dd5f5859cb92bfe40e2d64131c9c7aa226b2c0f5725a85f9becf04748b39978a
                                                                                                  • Opcode Fuzzy Hash: a6e0865bc8e947145b56777337aff580c6cd860a501755050e3e1455675ce1f2
                                                                                                  • Instruction Fuzzy Hash: ED41F030654244EFD701EF68DA55A19BBF9FB4A704F6284E2F804DBB61C734EE10DA10
                                                                                                  Function 009FDBC8 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000009FD000.00000020.00000001.01000000.0000000D.sdmp, Offset: 009FD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_9fd000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: loopback
                                                                                                  • API String ID: 0-3546420730
                                                                                                  • Opcode ID: 4cdf467043a40f8dfe32179f26bc1d8caf9578bf624a3b4807e545c3195c74d9
                                                                                                  • Instruction ID: 8338923bab5770e04ddbe770f00c4b006547f68df5d5bc6183cf4e7450c55fcf
                                                                                                  • Opcode Fuzzy Hash: 4cdf467043a40f8dfe32179f26bc1d8caf9578bf624a3b4807e545c3195c74d9
                                                                                                  • Instruction Fuzzy Hash: B8414A74A0020CAFDB01EF99C8819AEB7FAFF89304F6085A5FA04D7651D734AE41CB54
                                                                                                  Function 013FCA30 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  • TProcessMessagesThread.Execute, xrefs: 013FCA3E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000013FC000.00000020.00000001.01000000.0000000D.sdmp, Offset: 013FC000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_13fc000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: TProcessMessagesThread.Execute
                                                                                                  • API String ID: 0-3632000192
                                                                                                  • Opcode ID: 17aa164330db3aa85e9e013577acbc8648bdcf507b0b08a5a33ab5409e76face
                                                                                                  • Instruction ID: 61b8d406e0c073087230eb3fb2bdbbc556c7f076fb17bfc4e153d1617718d9f0
                                                                                                  • Opcode Fuzzy Hash: 17aa164330db3aa85e9e013577acbc8648bdcf507b0b08a5a33ab5409e76face
                                                                                                  • Instruction Fuzzy Hash: 04218C74A44208EFDB00DFA9D981E59B7F5FF49324F2082A9F914DB3A1C631AD00DB90
                                                                                                  Function 008A211D Relevance: .4, Instructions: 429COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000008A2000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008A2000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_8a2000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5e9c4f118e78073d66c62e2ef8253f4fd5c821372e6942729b464ba30dabba53
                                                                                                  • Instruction ID: 8ec119fd257bb7d4c8a61ca5c15b35016c1681911c9b0e8b8e8981bafd51836c
                                                                                                  • Opcode Fuzzy Hash: 5e9c4f118e78073d66c62e2ef8253f4fd5c821372e6942729b464ba30dabba53
                                                                                                  • Instruction Fuzzy Hash: F7E1752100E3C15FE7279B789AA51A0BFB1FE17214B1E45DBC4C0CF9B3D218591AE76A
                                                                                                  Function 008A2654 Relevance: .2, Instructions: 181COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000008A2000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008A2000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_8a2000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e5f9868cf96b3d10d66838eb38efb5436b1e3896023d13f523ff296aeb7fa8cb
                                                                                                  • Instruction ID: 9f68410840d9591827ae5697d66370dbc9099de515e256836f91f580b8a56486
                                                                                                  • Opcode Fuzzy Hash: e5f9868cf96b3d10d66838eb38efb5436b1e3896023d13f523ff296aeb7fa8cb
                                                                                                  • Instruction Fuzzy Hash: A1714634A00208EFDB24EB9CC581AADB7F5FF4A310F2441A5E804EB762D774AE45DB41
                                                                                                  Function 008A28D4 Relevance: .0, Instructions: 37COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000008A2000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008A2000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_8a2000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5b65c51050bae19cd8e2189b3dc3e075e47b938bc863fe3f53ed49af6244691d
                                                                                                  • Instruction ID: 11a0fa87d02dce23adb1ed159dc1efb0e1e60402316b68e2464bd82544846ef8
                                                                                                  • Opcode Fuzzy Hash: 5b65c51050bae19cd8e2189b3dc3e075e47b938bc863fe3f53ed49af6244691d
                                                                                                  • Instruction Fuzzy Hash: 5AF08C51308AA44AFA22B63D5400AEEAF81FF07B58F2C0454F8D9CFB02C6058D46D3AA
                                                                                                  Function 008A2478 Relevance: .0, Instructions: 31COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000008A2000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008A2000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_8a2000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ed63f5db13a078d2879c901016d78b82a16f6bab0b1bc7097485690a34d34332
                                                                                                  • Instruction ID: 0a67ba357e8d066496951e0e0b2f2e5feb3e7454d965ab92307eb18af5fba9f5
                                                                                                  • Opcode Fuzzy Hash: ed63f5db13a078d2879c901016d78b82a16f6bab0b1bc7097485690a34d34332
                                                                                                  • Instruction Fuzzy Hash: C4E0D83230D3042FB719997EBC52917BA8DE38A664711843EF105C2A51E86548108068
                                                                                                  Function 008A299C Relevance: .0, Instructions: 28COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000008A2000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008A2000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_8a2000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 851b2e6584a988663f165c13b020c156baa9f2ae03865eba9317844e96c49c4c
                                                                                                  • Instruction ID: befadc6af4ea0f0a164b0d615048cbc2d54c6af618129819209aa4a69235f794
                                                                                                  • Opcode Fuzzy Hash: 851b2e6584a988663f165c13b020c156baa9f2ae03865eba9317844e96c49c4c
                                                                                                  • Instruction Fuzzy Hash: 4CE01A76208208AFB315CB59E951C66BBECFB8EB6476245B6F504C7A10E631AC10D9A0
                                                                                                  Function 008A2934 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000008A2000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008A2000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_8a2000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 167fc22ae6243b5f55fa7f65709fc90d34debaab50f6181aceb7d766e3f5b7ad
                                                                                                  • Instruction ID: 6cbcde3b58b83b401147d3103380e1af46c6acb6f041f0d3e4fc503ae9276cb9
                                                                                                  • Opcode Fuzzy Hash: 167fc22ae6243b5f55fa7f65709fc90d34debaab50f6181aceb7d766e3f5b7ad
                                                                                                  • Instruction Fuzzy Hash: C2E0C263B0192087D228E76E0882B667A82DF4AAE0F0C413AA985C7756E61A4C1003DD
                                                                                                  Function 008A28B0 Relevance: .0, Instructions: 10COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000008A2000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008A2000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_8a2000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ca0a5ceaff39ac834cd7d2f86684fade5cceb7543df8f52c2701c3fd9291ccc9
                                                                                                  • Instruction ID: 53d18f16af2ef5ec0d38c868381838a6c72b5062b47b4bf6fd8c17532e46f4c4
                                                                                                  • Opcode Fuzzy Hash: ca0a5ceaff39ac834cd7d2f86684fade5cceb7543df8f52c2701c3fd9291ccc9
                                                                                                  • Instruction Fuzzy Hash: 54C09B721051086FD100D64EDCC1D5AF7DCF719350F444172F60C87512957278508975
                                                                                                  Function 006398B6 Relevance: .0, Instructions: 5COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.0000000000639000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00639000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_639000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c8c2ac574abf55ae21cbf6035824376078acdc7e53a90bdab73b1b59692627a7
                                                                                                  • Instruction ID: dcab931c4a539a2eadd99cff47283e157d11fd23f3196920210e5ae52d992c9a
                                                                                                  • Opcode Fuzzy Hash: c8c2ac574abf55ae21cbf6035824376078acdc7e53a90bdab73b1b59692627a7
                                                                                                  • Instruction Fuzzy Hash: 6BB001747001158F9F80DB28C688905B7E1BF8932131583E0A409CB336DA30EC85CF81
                                                                                                  Function 008A28A4 Relevance: .0, Instructions: 3COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000008A2000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008A2000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_8a2000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0bb62eaa0e35f85b5f3830afb278fe4f426ab4c8b7f5af162427d8c068c74e05
                                                                                                  • Instruction ID: 4d4aa6572ec6e9df40fdb23cd5b767b3e4c06784fdb70189a62f10ff06af3175
                                                                                                  • Opcode Fuzzy Hash: 0bb62eaa0e35f85b5f3830afb278fe4f426ab4c8b7f5af162427d8c068c74e05
                                                                                                  • Instruction Fuzzy Hash: E29002255100404AD500E718D445B783290BB41340FC949F0600596822855468505902
                                                                                                  Function 009DB080 Relevance: .0, Instructions: 2COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000009DB000.00000020.00000001.01000000.0000000D.sdmp, Offset: 009DB000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_9db000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0a294ce3d42f9c71eba4acb16325737864769557c784ef27caf3e9eeca4a51fc
                                                                                                  • Instruction ID: 9144f19558e7eec2ff19f6467ecaab13505bb0ecaba21d3db13a065a4ef06dd8
                                                                                                  • Opcode Fuzzy Hash: 0a294ce3d42f9c71eba4acb16325737864769557c784ef27caf3e9eeca4a51fc
                                                                                                  • Instruction Fuzzy Hash:

                                                                                                  Non-executed Functions

                                                                                                  Function 013FC064 Relevance: 6.4, Strings: 5, Instructions: 194COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000013FC000.00000020.00000001.01000000.0000000D.sdmp, Offset: 013FC000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_13fc000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: closed_by_user$error_code$network_load$ra_session_id$show_duration_in_sec
                                                                                                  • API String ID: 0-946321287
                                                                                                  • Opcode ID: ad69b4704a60d5f2398f984d1624b5ffc8a136024060da521a3e04cf888ccb1a
                                                                                                  • Instruction ID: e91886fa820f385e8d106acff314b4d7c19c02a79bda00d19f53b402868c4f20
                                                                                                  • Opcode Fuzzy Hash: ad69b4704a60d5f2398f984d1624b5ffc8a136024060da521a3e04cf888ccb1a
                                                                                                  • Instruction Fuzzy Hash: F181F835A0020DDFDB10EB94D895ADDB7F5FF88304F2085AAE905A7256DB70AE0ACF51
                                                                                                  Function 013FC3DC Relevance: 6.4, Strings: 5, Instructions: 154COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.00000000013FC000.00000020.00000001.01000000.0000000D.sdmp, Offset: 013FC000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_13fc000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: closed_by_user$error_code$network_load$ra_session_id$show_duration_in_sec
                                                                                                  • API String ID: 0-946321287
                                                                                                  • Opcode ID: d53246473255d14942e1093299999222fc63d8158e6ba5cfbbeb7bae905454fb
                                                                                                  • Instruction ID: e8c9df6b2db0733995a60e44d4d8be4654ce46ed0071a6159e6859d192147b3b
                                                                                                  • Opcode Fuzzy Hash: d53246473255d14942e1093299999222fc63d8158e6ba5cfbbeb7bae905454fb
                                                                                                  • Instruction Fuzzy Hash: 1D61D734A4020DDFCB44DF95C588ADDBBB5FF49304F6055A9E901AB265DB70AE4ACF40
                                                                                                  Function 006393A0 Relevance: 5.1, Strings: 4, Instructions: 84COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.0000000000639000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00639000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_639000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: END$INHERITED$INLINE$OBJECT
                                                                                                  • API String ID: 0-4145825852
                                                                                                  • Opcode ID: 4532f47643d57de2ea17421b0a1a056e1cf945b83d08ce141df42742412202b6
                                                                                                  • Instruction ID: 25d35a7d7ddcb82412c65dac0bf4290598f4e2fac1134eb1702669a8924f2aad
                                                                                                  • Opcode Fuzzy Hash: 4532f47643d57de2ea17421b0a1a056e1cf945b83d08ce141df42742412202b6
                                                                                                  • Instruction Fuzzy Hash: C72148646082049BDB60EF68D08159D7BD7DF5A354F208058F8849B347C6B6EC078FF5
                                                                                                  Function 0063939F Relevance: 5.1, Strings: 4, Instructions: 66COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000015.00000002.3736780225.0000000000639000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00639000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_21_2_639000_rutserv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: END$INHERITED$INLINE$OBJECT
                                                                                                  • API String ID: 0-4145825852
                                                                                                  • Opcode ID: 0f6209d93c28aff651d1929d26024db009661849a48d88634394e53cd7c25851
                                                                                                  • Instruction ID: 988d122a77b0c21d35db9d83830a4a3c60dc39ee0e1fe2d8a0635ea3d764f116
                                                                                                  • Opcode Fuzzy Hash: 0f6209d93c28aff651d1929d26024db009661849a48d88634394e53cd7c25851
                                                                                                  • Instruction Fuzzy Hash: 071114686082049BDB60EF68D08159DBBD7DF5A355F208058F8805B347C6A6AC079FF5

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:6.4%
                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                  Signature Coverage:0%
                                                                                                  Total number of Nodes:27
                                                                                                  Total number of Limit Nodes:2
                                                                                                  execution_graph 1507 e5d637 1508 e5d626 CloseHandle 1507->1508 1509 e5d639 1508->1509 1476 8d4638 1479 8d4664 1476->1479 1477 8d4739 1479->1477 1480 8d43c0 1479->1480 1483 8d4294 1480->1483 1485 8d42ad 1483->1485 1484 8d438e 1484->1479 1485->1484 1486 8d4386 DispatchMessageW 1485->1486 1486->1484 1495 8d43a8 1496 8d43ae 1495->1496 1497 8d4294 DispatchMessageW 1496->1497 1498 8d43bb 1496->1498 1497->1496 1487 8d4294 1489 8d42ad 1487->1489 1488 8d438e 1489->1488 1490 8d4386 DispatchMessageW 1489->1490 1490->1488 1503 8d4636 1504 8d4638 1503->1504 1505 8d4739 1504->1505 1506 8d43c0 DispatchMessageW 1504->1506 1505->1505 1506->1504 1491 e5d598 CreateFileW 1492 e5d5e4 1491->1492 1493 e5d5d3 1491->1493 1494 e5d626 CloseHandle 1492->1494 1494->1493

                                                                                                  Executed Functions

                                                                                                  Function 00E5D598 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57fileCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • CreateFileW.KERNELBASE(\\.\PIPE\RManFUSServerNotify32,40000000,00000003,00000000,00000003,00000000,00000000,00000000,00E5D632), ref: 00E5D5C5
                                                                                                  • CloseHandle.KERNELBASE(000000FF,00E5D639), ref: 00E5D62A
                                                                                                  Strings
                                                                                                  • Error - CreateFile, xrefs: 00E5D5D3
                                                                                                  • Error - NotifyServer - WriteFile, xrefs: 00E5D60F
                                                                                                  • \\.\PIPE\RManFUSServerNotify32, xrefs: 00E5D5C0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000017.00000002.3736170423.0000000000E5D000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00E5D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_23_2_e5d000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseCreateFileHandle
                                                                                                  • String ID: Error - CreateFile$Error - NotifyServer - WriteFile$\\.\PIPE\RManFUSServerNotify32
                                                                                                  • API String ID: 3498533004-2744967546
                                                                                                  • Opcode ID: 2c476d0d60d816c126f234abef018cdd8fbe2e01ec8b565d3e82c40c4e62af18
                                                                                                  • Instruction ID: 4e9b0220343306854a114ac0b355fcbc7f2f6f8ff930ba1b94929cef2f3f6984
                                                                                                  • Opcode Fuzzy Hash: 2c476d0d60d816c126f234abef018cdd8fbe2e01ec8b565d3e82c40c4e62af18
                                                                                                  • Instruction Fuzzy Hash: A5118E70A48308FFD760EBE49C02B5977A8DB49711F2059A6FA14F72C0D6B09A058BA5
                                                                                                  Function 008D4294 Relevance: 1.6, APIs: 1, Instructions: 105windowCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 13 8d4294-8d42af 15 8d439d-8d43a4 13->15 16 8d42b5-8d42b9 13->16 17 8d42c9 16->17 18 8d42bb-8d42c3 16->18 19 8d42cb-8d42d4 17->19 18->17 23 8d42c5-8d42c7 18->23 20 8d42ec-8d42ff 19->20 21 8d42d6-8d42ea 19->21 26 8d4300-8d4302 20->26 21->26 23->19 26->15 27 8d4308-8d430e 26->27 28 8d4314-8d4320 27->28 29 8d4396 27->29 30 8d4332-8d433d 28->30 31 8d4322-8d4326 28->31 29->15 30->15 33 8d433f-8d434a call 8d4130 30->33 31->30 33->15 36 8d434c-8d4350 33->36 36->15 37 8d4352-8d435d 36->37 37->15 39 8d435f-8d436a call 8d4038 37->39 39->15 42 8d436c-8d4377 39->42 42->15 44 8d4379-8d4384 42->44 46 8d438e-8d4394 44->46 47 8d4386-8d438c DispatchMessageW 44->47 46->15 47->15
                                                                                                  APIs
                                                                                                  • DispatchMessageW.USER32(?,?,?,00000000,00000000,00000000,00000001,?,00000000,00000000,00000000,00000000), ref: 008D4387
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000017.00000002.3736170423.00000000008D4000.00000020.00000001.01000000.0000000B.sdmp, Offset: 008D4000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_23_2_8d4000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DispatchMessage
                                                                                                  • String ID:
                                                                                                  • API String ID: 2061451462-0
                                                                                                  • Opcode ID: d15c3d830721558d5729fb6870acdb083b7e6d08b68983c07b1d54298cea673d
                                                                                                  • Instruction ID: d3eec212d325f5e26db963b66d650a17e4faf4242b1796c21dea8688f91c060b
                                                                                                  • Opcode Fuzzy Hash: d15c3d830721558d5729fb6870acdb083b7e6d08b68983c07b1d54298cea673d
                                                                                                  • Instruction Fuzzy Hash: D921052134438427EA353A2D1C07F7E979AEF92B08F145A1FF591E73C2CAB59846426A
                                                                                                  Function 00E5D637 Relevance: 1.3, APIs: 1, Instructions: 6COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 65 e5d637-e5d63c CloseHandle
                                                                                                  APIs
                                                                                                  • CloseHandle.KERNELBASE(000000FF,00E5D639), ref: 00E5D62A
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000017.00000002.3736170423.0000000000E5D000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00E5D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_23_2_e5d000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseHandle
                                                                                                  • String ID:
                                                                                                  • API String ID: 2962429428-0
                                                                                                  • Opcode ID: 85f8a527de5d3f3d0e77299ba621c860796bf597329a1e3df30f4d13ac857b20
                                                                                                  • Instruction ID: 8140210c79176e047f7d0141ccab7e95c5699643a9df34a5ba38638e242f02ae
                                                                                                  • Opcode Fuzzy Hash: 85f8a527de5d3f3d0e77299ba621c860796bf597329a1e3df30f4d13ac857b20
                                                                                                  • Instruction Fuzzy Hash: 62A0222288C20AFECA80E3E0888088C332C0A0C3C0F303CC8F303E2000C2308A002330
                                                                                                  Function 006291E0 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 137 6291e0-6291ee 139 6291f0-6291fa 137->139 140 629203-629205 139->140 141 6291fc 139->141 140->139 142 629207-629211 call 629a20 140->142 143 629201 141->143 143->140
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000017.00000002.3736170423.0000000000629000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00629000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_23_2_629000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 61d335ad67eb5eb214e9d0e7db7e76042e91f6d0ff048dfc5b425ac8b39ad81c
                                                                                                  • Instruction ID: 38e0dbfaa95885eba2c9780d31ea6be6144f1c727f41329efe645d9cd84eca84
                                                                                                  • Opcode Fuzzy Hash: 61d335ad67eb5eb214e9d0e7db7e76042e91f6d0ff048dfc5b425ac8b39ad81c
                                                                                                  • Instruction Fuzzy Hash: 92E0C236F106354B9B60A96E688118AE3D69FE8370719443DAC40D7301C5309C018BE0

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:7.5%
                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                  Signature Coverage:0%
                                                                                                  Total number of Nodes:20
                                                                                                  Total number of Limit Nodes:1
                                                                                                  execution_graph 1340 62aec8 1341 62aed0 1340->1341 1342 62aef2 1341->1342 1344 62af78 1341->1344 1345 62af84 1344->1345 1346 62af8c RtlExitUserThread 1344->1346 1345->1346 1346->1342 1347 763a98 1348 763a9e 1347->1348 1351 763ad0 1348->1351 1352 763ad6 1351->1352 1355 763b6c 1352->1355 1354 763ab5 1356 763b7d 1355->1356 1357 763bcb 1356->1357 1360 62af00 1356->1360 1364 62aefe 1356->1364 1361 62af1d CreateThread 1360->1361 1363 62af65 1361->1363 1363->1357 1365 62af00 CreateThread 1364->1365 1367 62af65 1365->1367 1367->1357

                                                                                                  Executed Functions

                                                                                                  Function 0062AF00 Relevance: 1.5, APIs: 1, Instructions: 48threadCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 0 62af00-62af1b 1 62af2b-62af39 0->1 2 62af1d-62af29 0->2 5 62af3c-62af63 CreateThread 1->5 2->5 6 62af65 5->6 7 62af6c-62af74 5->7 6->7
                                                                                                  APIs
                                                                                                  • CreateThread.KERNEL32(?,?,Function_00000EC8,00000000,?,?), ref: 0062AF5A
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000018.00000002.3736180777.000000000062A000.00000020.00000001.01000000.0000000B.sdmp, Offset: 0062A000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_24_2_62a000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2422867632-0
                                                                                                  • Opcode ID: e2787dc1d424f22c332985e9d9eff38e7fbace8541aefd61d99fd901b8763789
                                                                                                  • Instruction ID: b9c620d6022f5722629a2e0179d1399005b755c316f766fca35f164f234d82af
                                                                                                  • Opcode Fuzzy Hash: e2787dc1d424f22c332985e9d9eff38e7fbace8541aefd61d99fd901b8763789
                                                                                                  • Instruction Fuzzy Hash: B301F772700664AFCB00CF9DF980A8ABBEDEB18350F008026F908D7391C6B0DD058B65
                                                                                                  Function 0062AEFE Relevance: 1.5, APIs: 1, Instructions: 44threadCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 8 62aefe-62af1b 10 62af2b-62af39 8->10 11 62af1d-62af29 8->11 14 62af3c-62af63 CreateThread 10->14 11->14 15 62af65 14->15 16 62af6c-62af74 14->16 15->16
                                                                                                  APIs
                                                                                                  • CreateThread.KERNEL32(?,?,Function_00000EC8,00000000,?,?), ref: 0062AF5A
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000018.00000002.3736180777.000000000062A000.00000020.00000001.01000000.0000000B.sdmp, Offset: 0062A000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_24_2_62a000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2422867632-0
                                                                                                  • Opcode ID: f7c0141731fef44cc2da01b1202d6bdc063c9491da4bf0ebe5fca736f386992a
                                                                                                  • Instruction ID: 5429ddc24f4b77b64b5998ddab865f825205f025df3c9ea31782be6d2415e751
                                                                                                  • Opcode Fuzzy Hash: f7c0141731fef44cc2da01b1202d6bdc063c9491da4bf0ebe5fca736f386992a
                                                                                                  • Instruction Fuzzy Hash: 57F0A472704564AFD710CB9DBD80A9AB7EDDB18360F104026F918E7390D670DD058BA5
                                                                                                  Function 0062AF78 Relevance: 1.5, APIs: 1, Instructions: 10threadCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 17 62af78-62af82 18 62af84 17->18 19 62af8c-62af93 RtlExitUserThread 17->19 18->19
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000018.00000002.3736180777.000000000062A000.00000020.00000001.01000000.0000000B.sdmp, Offset: 0062A000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_24_2_62a000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExitThreadUser
                                                                                                  • String ID:
                                                                                                  • API String ID: 3424019298-0
                                                                                                  • Opcode ID: be306e993a4723bc4ae7df2c5855592058a0ce5e906ee87ac57f7cd1300bfa35
                                                                                                  • Instruction ID: 437ec704f6257d8084a9a470c8fdea73101d928d298ec412fd70cd85926788bc
                                                                                                  • Opcode Fuzzy Hash: be306e993a4723bc4ae7df2c5855592058a0ce5e906ee87ac57f7cd1300bfa35
                                                                                                  • Instruction Fuzzy Hash: A9C04CB12416104FD35067B66F8875962596748245F542429B506A6162DBBC484CCB14
                                                                                                  Function 00763B6C Relevance: .1, Instructions: 88COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 28 763b6c-763b7b 29 763b85-763bae 28->29 30 763b7d 28->30 32 763bb6-763bb8 29->32 33 763bb0-763bb4 29->33 30->29 35 763bbc-763bc3 32->35 33->32 34 763bba 33->34 34->35 36 763bc5-763bc9 35->36 37 763c3f-763c4c 35->37 38 763bcb-763be7 36->38 39 763be9-763bf7 36->39 45 763c4f-763c57 37->45 43 763c01-763c05 38->43 55 763bf9 call 62af00 39->55 56 763bf9 call 62aefe 39->56 42 763bfe 42->43 43->45 46 763c07-763c3d 43->46 47 763c5c-763c6c 45->47 46->45 55->42 56->42
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000018.00000002.3736180777.0000000000763000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00763000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_24_2_763000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 506ca95aca2352e6d7b8fd11812dc66dd430de7c5309a4097e11c573a527db34
                                                                                                  • Instruction ID: eac2a611933be825d55069183417778183941145f2ec75eb03a2f5b1b5c92c7e
                                                                                                  • Opcode Fuzzy Hash: 506ca95aca2352e6d7b8fd11812dc66dd430de7c5309a4097e11c573a527db34
                                                                                                  • Instruction Fuzzy Hash: EF31F7B09047549ED320DBB5C8817AB7BE69F09304F04C82DF89AD7681DB79A644CBA9
                                                                                                  Function 007639D6 Relevance: .1, Instructions: 59COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 57 7639d6-763a0c 60 763a43-763a72 call 7636c4 57->60 61 763a0e-763a1f 57->61 67 763a74 60->67 68 763a7c-763a83 60->68 63 763a24-763a2c 61->63 63->60 67->68 70 763a84 68->70 70->70
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000018.00000002.3736180777.0000000000763000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00763000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_24_2_763000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ce0eb90d790fcad060993e6702aaf49c0a33c14230e5ae9e16a3abf9203a12a5
                                                                                                  • Instruction ID: c41d82b00de2e95702383ed9a3133d7a8d81a44e32e31afdf4bb775f2f66047b
                                                                                                  • Opcode Fuzzy Hash: ce0eb90d790fcad060993e6702aaf49c0a33c14230e5ae9e16a3abf9203a12a5
                                                                                                  • Instruction Fuzzy Hash: FA119074604244EFD701CFA5C955959BBF5EF4A710F2184E4F84197362C738AF00EA60
                                                                                                  Function 007639D8 Relevance: .1, Instructions: 58COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 71 7639d8-763a0c 73 763a43-763a72 call 7636c4 71->73 74 763a0e-763a1f 71->74 80 763a74 73->80 81 763a7c-763a83 73->81 76 763a24-763a2c 74->76 76->73 80->81 83 763a84 81->83 83->83
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000018.00000002.3736180777.0000000000763000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00763000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_24_2_763000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4102605badd00784048ea4a329421d9777454ead65b754ebde1f96f37088b2da
                                                                                                  • Instruction ID: bdb7f1346893d40c97ef5633b2db523d164e7d95489ac888e638268174a8d1be
                                                                                                  • Opcode Fuzzy Hash: 4102605badd00784048ea4a329421d9777454ead65b754ebde1f96f37088b2da
                                                                                                  • Instruction Fuzzy Hash: B911BF74A08244EFD701CFA5C955D59BBF9EF4A710F2284E4F8419B362C738AF00EAA0
                                                                                                  Function 00763AD0 Relevance: .0, Instructions: 22COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 92 763ad0-763ad4 93 763ad6 92->93 94 763ade-763af1 call 763b6c 92->94 93->94 97 763b02-763b06 94->97 98 763af3 94->98 99 763af8-763aff 98->99 99->97
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000018.00000002.3736180777.0000000000763000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00763000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_24_2_763000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ecfe84cba4e19567a51d69854b7ee067800ad10c62711e84eb12de1b0d1b4f98
                                                                                                  • Instruction ID: 4474c46d78a3bc9869185a4fe6696f949b76af4fb6b2be82248608886b740b65
                                                                                                  • Opcode Fuzzy Hash: ecfe84cba4e19567a51d69854b7ee067800ad10c62711e84eb12de1b0d1b4f98
                                                                                                  • Instruction Fuzzy Hash: 94D05B5274193047D11067AD1D43B95B5458F82FA1F084130BD45CF395EA0A4D1541E9
                                                                                                  Function 00763E88 Relevance: .0, Instructions: 9COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 105 763e88-763e8e 106 763e90-763e94 105->106 107 763e9a-763e9b 105->107 106->107
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000018.00000002.3736180777.0000000000763000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00763000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_24_2_763000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f3d1ebd5290f40acf8a8fe20081544375cd2ca86df4495658b6f3dd05f38d2b0
                                                                                                  • Instruction ID: b3c7692fc987200ebe253531d411efc58328210ad519b5c1691249f0d0ff8356
                                                                                                  • Opcode Fuzzy Hash: f3d1ebd5290f40acf8a8fe20081544375cd2ca86df4495658b6f3dd05f38d2b0
                                                                                                  • Instruction Fuzzy Hash: 34C04C617001008FC7589E68D4D854233E49B4821571080909405CB196D765CD92C790
                                                                                                  Function 00938B90 Relevance: .0, Instructions: 7COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 108 938b90-938b96 109 938b9e-938b9f 108->109
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000018.00000002.3736180777.0000000000938000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00938000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_24_2_938000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f341b01ab4fae816cc24c3ba62c3b5522551ee3937a410d14ff0020c247fc16e
                                                                                                  • Instruction ID: d8fed4a71d0c9b58f021b92a079018616ea2b0c5f349e0da850bc75107949f5f
                                                                                                  • Opcode Fuzzy Hash: f341b01ab4fae816cc24c3ba62c3b5522551ee3937a410d14ff0020c247fc16e
                                                                                                  • Instruction Fuzzy Hash: B2B0123200010CB78F013E81EC01C497F5DAB12360B00C011FE0808121C6339570A798
                                                                                                  Function 00763E9F Relevance: .0, Instructions: 6COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 110 763e9f-763ea1 111 763ea3-763ea4 110->111 112 763eae 110->112 111->112
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000018.00000002.3736180777.0000000000763000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00763000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_24_2_763000_rfusclient.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 947539e41f307acbe254c9d4a8b751d141d5621d97260492b6574b5385a57b66
                                                                                                  • Instruction ID: 55fbb55b3d9373766050e50b85e820bb7c030dbed71f05cc01140f363563b51e
                                                                                                  • Opcode Fuzzy Hash: 947539e41f307acbe254c9d4a8b751d141d5621d97260492b6574b5385a57b66
                                                                                                  • Instruction Fuzzy Hash: D5A002EA6445C57C565162E58D1A9761A199AC37007CD18C47C935545685EF1E02C332